Friday, September 20, 2024

Did you know Security Onion scales from small virtual machines all the way up to large enterprise deployments of hundreds of nodes and thousands of endpoint agents?

A minimal Security Onion installation is an IMPORT installation and can be used to import PCAP or EVTX files in a minimal VM with as little as 4GB RAM:



On the opposite end of the architecture spectrum, a distributed deployment consists of:
  •  a manager node
  • one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
  • one or more search nodes running Elasticsearch to store and search logs
  • optional receiver nodes for load balancing and pipeline redundancy
  • optional Intrusion Detection Honeypot (IDH) nodes for deception


This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.

For more information, please see the Architecture section of our documentation:

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive