Security Onion is a Linux distro for IDS, NSM, and log management

Our easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes

Analyze your NIDS/HIDS alerts with Squert

Pivot between multiple data types with Sguil and send pcaps to Wireshark and NetworkMiner

Use ELSA to slice and dice your logs

Access full packet capture with CapMe

Snort/Suricata and Bro compiled with PF_RING to handle lots of traffic

Easy updates
Data Types
  • Alert data - HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
  • Asset data from Prads and Bro
  • Full content data from netsniff-ng
  • Host data via OSSEC and syslog-ng
  • Session data from Argus, Prads, and Bro
  • Transaction data - http/ftp/dns/ssl/other logs from Bro

Ready to peel back the layers of your network?  Get Security Onion!

Need help?  We have a Help page on our Wiki and we also offer commercial support/training.

See the latest announcements on the blog.

To learn more about installing and using Security Onion, check out our video playlist below.

No comments: