Friday, February 14, 2025

External API for Security Onion Pro Customers

We recently released Security Onion 2.4.120:

https://blog.securityonion.net/2025/02/security-onion-24120-now-available.html


In that blog post, we mentioned that Security Onion 2.4.120 includes a new feature for Security Onion Pro customers that allows you to connect to the Security Onion API from external API clients. So what can you do via API? We've put together a simple example of how you might use this external API to integrate with another security tool or perhaps build your own custom interface. 


Vidalia Example App


Vidalia is a security operations web application that showcases Security Onion's API capabilities. It demonstrates some of the key uses for external API access, such as grid management, alert review, PCAP retrieval, and case management.


First, some warnings and disclaimers from the Vidalia repo at https://github.com/Security-Onion-Solutions/securityonion-examples/tree/main/vidalia:
  • This is just an EXAMPLE and is TOTALLY UNSUPPORTED!
  • This is not intended for production use!
  • If this breaks anything you get to keep BOTH pieces!

Enough disclaimers? Let's take a look at a quick screenshot tour of Vidalia and what you can do via API! 

Manage your grid via API

Review your alerts via API

Retrieve your PCAP via API

Review your cases via API

Review your case details via API



Vidalia is just a quick and dirty proof of concept that showcases the power of the Security Onion API. Get creative and think about how you could use the Security Onion API to integrate with your other security tools. If you haven't already purchased your Security Onion Pro license, you can do so at:
https://securityonion.com/pro

Once you have a Security Onion Pro license, you can then enable the Connect API as shown in the documentation:

https://docs.securityonion.net/en/2.4/connect.html

