Friday, September 20, 2024

Did you know Security Onion scales from small virtual machines all the way up to large enterprise deployments of hundreds of nodes and thousands of endpoint agents?

A minimal Security Onion installation is an IMPORT installation, which can be used to import PCAP or EVTX files on a small VM with as little as 4GB of RAM.



On the opposite end of the architecture spectrum, a distributed deployment consists of:
  • a manager node
  • one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
  • one or more search nodes running Elasticsearch to store and search logs
  • optional receiver nodes for load balancing and pipeline redundancy
  • optional Intrusion Detection Honeypot (IDH) nodes for deception


This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.

For more information, please see the Architecture section of our documentation:
