Use Cases
Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/Use-Cases.
Security Onion is designed for many different use cases! Here are just a few examples.
Evaluation Mode is ideal for classroom or lab environments.
Install Security Onion. Run Setup and configure network interfaces. Reboot, run Setup, and then choose Evaluation Mode.
For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/QuickISOImage
Need to review a pcap with original timestamps preserved? Install Security Onion in Evaluation Mode as described above and then run so-import-pcap.
Install Security Onion. Run Setup and configure network interfaces. Reboot, run Setup, choose Production Mode, choose New Deployment, and enable network sensor services.
For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment
Install Security Onion on the master server box. Run Setup and configure network interfaces. Reboot, run Setup, choose Production Mode, and then choose New Deployment.
Install Security Onion on one or more sensor nodes and then, on each one: run Setup, configure network interfaces, reboot, run Setup again, choose Production Mode, and then choose Existing Deployment to join the node to the master server.
For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment
Install Security Onion in a VM on your local desktop or laptop. Do NOT run Setup. Launch the Sguil client and connect to sguild on your Production Master Server. Launch the web browser and connect to Squert or Kibana on your Production Master Server.
For more information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ConnectingtoSguil#directly-connecting-to-sguild-remotely
Install Security Onion on a sensor box and then configure it to send logs to your SIEM.
For more information, please see:
Sending logs to SIEM