Tuesday, September 17, 2024

Did you know that Security Onion provides both network AND host visibility?

Security Onion started in 2008 as a Network Security Monitoring (NSM) platform. Over the years, more and more of our network traffic has become encrypted. That's a good thing for privacy but it makes our jobs as defenders a little more difficult. To fill in those blind spots, we've spent the last several years making sure that Security Onion is equally as powerful on the host side as it is on the network side. Here's a diagram showing an overview of Security Onion consuming not just network traffic from your taps or span ports but also logs from your endpoints:

The following screenshot shows a comprehensive Security Onion deployment that does both network monitoring and host monitoring as well:

Security Onion includes a complete set of dashboards for each of those different kinds of endpoint data:

The Elastic Agent Overview dashboard gives you an overview of the comprehensive telemetry that is provided by the Elastic Agent when installed on your servers, desktops, and laptops:

You can read more about our endpoint capabilities in the Host Visibility section of our documentation:

https://docs.securityonion.net/en/2.4/host.html


No comments:

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive