Security Onion
Linux distribution
From Wikipedia, the free encyclopedia
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management.[2] It was developed by Doug Burks in 2008.[3] Its first release was in 2009.[4] It was originally based on Xubuntu 10.04.[5]
| Security Onion | |
|---|---|
 | |
 A screenshot of the default configuration. | |
| Developer | Security Onion Solutions |
| OS family | Linux (Unix-like) |
| Working state | Active |
| Source model | Open-source |
| Latest release | 2.4.70[1] / May 29, 2024 |
| Official website | securityonionsolutions |
| Support status | |
| Active | |
Version 2.4.140 was released on March 24, 2025.[6]
Security Onion combines various tools and technologies to provide a robust IDS solution, including:
- Suricata and Zeek (formerly Bro): These are network-based IDS tools that monitor network traffic for suspicious activities.
- OSSEC: A host-based IDS that monitors system logs and file integrity.
- Elasticsearch, Logstash, and Kibana (ELK stack): These tools are used for log management and analysis, allowing for effective visualization and querying of security events.