Security Onion

From Wikipedia, the free encyclopedia

A screenshot of the default configuration.

Developer: Security Onion Solutions
OS family: Linux (Unix-like)
Working state: Active
Source model: Open-source
Latest release: 2.4.70[1] / May 29, 2024
Official website: securityonionsolutions.com
Support status: Active

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management.[2] It was developed by Doug Burks in 2008.[3] Its first release was in 2009.[4] It was originally based on Xubuntu 10.04.[5]

Version 2.4.140 was released on March 24, 2025.[6]

As of 2025, Security Onion includes Elastic Agent, which handles HIDS and endpoint monitoring. System requirements have increased: the Security Onion Manager server now needs at least 16 GB of RAM. Previous versions of Security Onion integrated Wazuh for HIDS; Wazuh has been replaced by Elastic Agent in the 2025 version of Security Onion.[7]

Security Onion combines various tools and technologies to provide a robust IDS solution, including:

  • Suricata and Zeek (formerly Bro): These are network-based IDS tools that monitor network traffic for suspicious activities.
  • OSSEC: A host-based IDS that monitors system logs and file integrity.
  • Elasticsearch, Logstash, and Kibana (ELK stack): These tools are used for log management and analysis, allowing for effective visualization and querying of security events.
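The combination described above, a network IDS, a host IDS and a search backend, is useful mainly because alerts from different sensors can be queried together. The following is an added example, not code from the Security Onion project: it reads a handful of constructed Suricata EVE JSON alert lines and constructed host-based alert lines, counts network alerts per signature, and lists the hosts that appear in both sources. The host-alert field names (`agent_ip`, `rule.level`, `rule.description`) are an assumption for the example; the Suricata fields (`event_type`, `src_ip`, `alert.signature`, `alert.severity`) follow the EVE JSON format.

```python
"""Correlate network IDS alerts with host IDS alerts by IP address.

Added example, not Security Onion's own code. It reproduces in a few
functions the kind of cross-source query an analyst would run in Kibana:
which internal hosts produced both a Suricata alert and a host-based alert?
"""
import json
from collections import Counter, defaultdict

# Constructed sample: Suricata EVE JSON, one event per line. The last line is
# deliberately truncated, as happens when eve.json is read while being written.
SURICATA_EVE = """\
{"timestamp":"2025-03-24T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"EXAMPLE POLICY outbound connection","severity":2}}
{"timestamp":"2025-03-24T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","proto":"UDP"}
{"timestamp":"2025-03-24T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"EXAMPLE POLICY outbound connection","severity":2}}
{"timestamp":"2025-03-24T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.4","dest_port":22,"proto":"TCP","alert":{"signature":"EXAMPLE SCAN ssh probe","severity":3}}
{"timestamp":"2025-03-24T10:00:05.000000+0000","event_type":"ale
"""

# Constructed sample: host-based alerts in a simplified JSON shape.
# Field names here are an assumption for this example, not OSSEC's exact schema.
HOST_ALERTS = """\
{"timestamp":"2025-03-24T10:00:00.000000+0000","agent_ip":"10.0.0.5","rule":{"level":7,"description":"Integrity checksum changed."}}
{"timestamp":"2025-03-24T10:00:05.000000+0000","agent_ip":"10.0.0.8","rule":{"level":3,"description":"Login session opened."}}
"""


def parse_jsonl(text):
    """Parse newline-delimited JSON, skipping blank and malformed lines.

    A single bad line must not abort the whole run, so decode errors are
    skipped rather than raised.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def network_alerts(records):
    """Keep only Suricata 'alert' events; flow, dns, http records are dropped."""
    return [r for r in records if r.get("event_type") == "alert"]


def signature_counts(alerts):
    """Count alerts per signature, like a Kibana terms aggregation."""
    return Counter(a["alert"]["signature"] for a in alerts)


def correlate(net_alerts, host_alerts):
    """Return {ip: {"network": [...], "host": [...]}} for IPs seen in BOTH sources.

    Network alerts are keyed on src_ip (the internal host), host alerts on the
    assumed agent_ip field. Hosts present in only one source are excluded, so
    the result is the short list worth triaging first.
    """
    by_ip = defaultdict(lambda: {"network": [], "host": []})
    for a in net_alerts:
        by_ip[a["src_ip"]]["network"].append(a["alert"]["signature"])
    for h in host_alerts:
        by_ip[h["agent_ip"]]["host"].append(h["rule"]["description"])
    return {ip: v for ip, v in by_ip.items() if v["network"] and v["host"]}


def main():
    net = network_alerts(parse_jsonl(SURICATA_EVE))
    host = parse_jsonl(HOST_ALERTS)
    print("network alerts:", len(net))
    for sig, n in signature_counts(net).most_common():
        print(f"  {n:3d}  {sig}")
    for ip, hits in correlate(net, host).items():
        print(f"{ip}: {len(hits['network'])} network, {len(hits['host'])} host alert(s)")
        for desc in hits["host"]:
            print("   host:", desc)


if __name__ == "__main__":
    main()
```

Run as a script it prints the per-signature counts and then the single host (10.0.0.5) that has both a network alert and a file-integrity alert; the truncated last EVE line is skipped by the parser rather than crashing the run.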
