Friday, January 22, 2016

Security Onion Screenshot Tour

Below is a quick screenshot tour of the new Security Onion ISO image.

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!

We have online training classes starting next Monday:

Commercial Support
Need commercial support? Please see:

If you have any questions or problems, please use our security-onion mailing list:


ISO Boot Menu

Boot splash

Installer - Welcome

Installer - Preparing

Installer - Installation Type (now with LVM)

Installer - Verify disk changes

Installer - Time Zone

Installer - Keyboard Layout

Installer - hostname, username, and password

Installer - Copying files

Installer - Installation Complete

Installer - ready to reboot

GRUB Boot Menu

Login screen


Installing updates with soup

Setup - Welcome

Setup - Network Interfaces

Setup - Management Interface

Setup - IP Address for Management Interface

Setup - Monitor (sniffing) interfaces

Setup - Verify Choices

Setup - Network Configuration Complete

Reboot and log back in

Run Setup Phase 2

Setup - Welcome

Setup - Skip Network Configuration

Setup - Evaluation Mode or Production Mode

Setup - Monitor (sniffing) interface

Setup - Username

Setup - Password

Setup - Confirm Password

Setup - Confirm Options

Setup - Progress Bar

Setup - Complete

Setup - sostat

Setup - Rules

Setup - links

Setup - commercial support

Verifying services

Replaying pcaps to create traffic

Launching Squert web interface

Logging into Squert

Squert Main Page

Squert - drilling into a NIDS alert

Squert - viewing NIDS alert payload

Squert - viewing full packet capture

Squert - GeoIP Mapping

Squert - Top Signatures

Squert - Top IP Addresses

Squert - Top Countries

Squert - Top Ports

Squert - Sankey Diagram

Logging into Sguil

Sguil - selecting networks (sensors)

Sguil RealTime Events tab

Sguil - pivoting from a NIDS alert to full packet capture

Pivoting from a NIDS alert and sending pcap to Wireshark

Pivoting from a NIDS alert and sending pcap to NetworkMiner

Pivoting from a NIDS alert and decoding gzip-encoded data using Bro

Logging into ELSA

ELSA - Connections - Top SRC IPs

ELSA - Connections - Top DST IPs

ELSA - Connections - Top DST Ports

ELSA - Connections - Top Services

ELSA - Connections - Groupby Protocol

ELSA - Connections - Groupby Responder's Country Code

ELSA - DHCP - Top Assigned IPs

ELSA - DHCP - DHCP Servers

ELSA - DNS - Top Query Type

ELSA - DNS - Top Return Code

ELSA - Top nxdomain

ELSA - Files - MIME Types

ELSA - FTP - Top arg

ELSA - HTTP - Top DST Ports

ELSA - HTTP - Top MIME Types

ELSA - HTTP - Top User Agents

ELSA - HTTP - Top Sites

ELSA - HTTP - Sites hosting EXEs

ELSA - HTTP - Sites hosting CABs

ELSA - HTTP - Sites Hosting JARs

ELSA - HTTP - Sites hosting SWFs

ELSA - HTTP - Sites hosting ZIPs

ELSA - Kerberos - Top Services

ELSA - Notices - Top Notice Types

ELSA - SMTP - Top Subjects

ELSA - Snort/Suricata - Top NIDS Alerts

ELSA - Software - Software Detected by Bro

ELSA - SSL - Top Hostnames
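The ELSA HTTP dashboards listed above are group-by summaries over the fields of Bro's http.log. What follows is an added example, not part of this post and not code from the Security Onion project: a small Python parser for Bro's default TSV log format, run over a constructed http.log excerpt, that reproduces the "Top DST Ports", "Top User Agents", "Top MIME Types" and "Sites hosting EXEs" views. The column layout is the default Bro 2.x http.log; the hosts, addresses and user agents in the sample rows are made up; and `application/x-dosexec` is assumed to be the MIME label Bro assigns to PE executables (check the `resp_mime_types` values on your own sensor before keying a query on it).

```python
"""Bro http.log summaries in the style of the ELSA HTTP dashboards.

Added example; not code from the Security Onion project. It assumes Bro's
default TSV log format, in which a '#fields' header names the columns, '-'
marks an unset value and set/vector columns are joined with ','. The input
is a constructed http.log excerpt, not a real capture.
"""
from collections import Counter

UNSET = "-"
EMPTY = "(empty)"

# Column order of a default Bro 2.x http.log (no custom field extensions).
HTTP_FIELDS = ("ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method "
               "host uri referrer user_agent request_body_len response_body_len "
               "status_code status_msg info_code info_msg filename tags username "
               "password proxied orig_fuids orig_mime_types resp_fuids "
               "resp_mime_types").split()


def _http_row(ts, uid, orig_h, resp_p, method, host, uri, ua, resp_mime):
    """Build one constructed http.log row; filler columns hold fixed values."""
    cols = [ts, uid, orig_h, "49152", "203.0.113.5", resp_p, "1", method, host, uri,
            UNSET, ua, "0", "4096", "200", "OK", UNSET, UNSET, UNSET, EMPTY, UNSET,
            UNSET, UNSET, UNSET, UNSET, UNSET if resp_mime == UNSET else "F" + uid,
            resp_mime]
    assert len(cols) == len(HTTP_FIELDS)
    return "\t".join(cols)


# Constructed sample (made-up hosts, addresses and user agents), laid out the
# way Bro writes http.log: metadata lines, a #fields header, then data rows.
SAMPLE_HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\thttp",
    "\t".join(["#fields"] + HTTP_FIELDS),
    _http_row("1453475200.1", "C1", "192.168.1.10", "80", "GET", "updates.example.com",
              "/setup.exe", "Mozilla/5.0", "application/x-dosexec"),
    _http_row("1453475201.2", "C2", "192.168.1.11", "80", "GET", "updates.example.com",
              "/patch.exe", "Mozilla/5.0", "application/x-dosexec"),
    _http_row("1453475202.3", "C3", "192.168.1.10", "80", "GET", "cdn.example.net",
              "/lib.jar", "Java/1.8.0_66", "application/java-archive"),
    _http_row("1453475203.4", "C4", "192.168.1.12", "8080", "GET", "www.example.org",
              "/", "Mozilla/5.0", "text/html"),
    _http_row("1453475204.5", "C5", "192.168.1.10", "8080", "GET", "dl.example.net",
              "/tool.exe", "curl/7.35.0", "application/x-dosexec"),
    _http_row("1453475205.6", "C6", "192.168.1.13", "80", "POST", "www.example.org",
              "/login", "Mozilla/5.0", "text/html,application/javascript"),
])


def parse_bro_tsv(text):
    """Parse a Bro TSV log into dicts keyed by the names in its #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other '#' lines are metadata (#separator, #path, #close, ...)
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("row has %d columns, header has %d" % (len(values), len(fields)))
        records.append(dict(zip(fields, values)))
    return records


def split_set(value):
    """Expand a Bro set/vector column into a list; unset or empty gives []."""
    if value in (UNSET, EMPTY):
        return []
    return value.split(",")


def top(records, field, n=10):
    """Most common values of one column, like an ELSA 'groupby:<field>' query."""
    return Counter(r[field] for r in records if r[field] != UNSET).most_common(n)


def top_mime_types(records, column="resp_mime_types", n=10):
    """Most common MIME types, flattening multi-valued rows ('Top MIME Types')."""
    return Counter(m for r in records for m in split_set(r[column])).most_common(n)


def sites_hosting(records, mime_type, n=10):
    """Hosts that served a body of the given MIME type ('Sites hosting EXEs')."""
    return Counter(r["host"] for r in records
                   if mime_type in split_set(r["resp_mime_types"])).most_common(n)


if __name__ == "__main__":
    recs = parse_bro_tsv(SAMPLE_HTTP_LOG)
    print("Top DST ports:", top(recs, "id.resp_p"))
    print("Top user agents:", top(recs, "user_agent"))
    print("Top MIME types:", top_mime_types(recs))
    print("Sites hosting EXEs:", sites_hosting(recs, "application/x-dosexec"))
```

`sites_hosting` takes any MIME type, so the CAB, JAR, SWF and ZIP views above are the same call with a different argument. Reading the column names from the `#fields` header rather than hardcoding positions matters in practice: a sensor with extra http.log fields (or a different Bro version) shifts the columns, and the parser also rejects rows whose column count does not match the header instead of silently mislabelling them.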
