Friday, September 20, 2024

Did you know Security Onion scales from small virtual machines all the way up to large enterprise deployments of hundreds of nodes and thousands of endpoint agents?

A minimal Security Onion installation is an IMPORT installation and can be used to import PCAP or EVTX files in a minimal VM with as little as 4GB RAM:



On the opposite end of the architecture spectrum, a distributed deployment consists of:
  •  a manager node
  • one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
  • one or more search nodes running Elasticsearch to store and search logs
  • optional receiver nodes for load balancing and pipeline redundancy
  • optional Intrusion Detection Honeypot (IDH) nodes for deception


This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.

For more information, please see the Architecture section of our documentation:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.