Security Onion

Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, case management, and much more. For network visibility, Security Onion includes signature based detection via Suricata, rich protocol metadata and file extraction using your choice of either Zeek or Suricata, full packet capture via Suricata PCAP, and file analysis via Strelka. For host visibility, we offer the Elastic Agent which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into the Elastic stack. Security Onion's native user interface, called SOC - short for Security Onion Console, for alerting, detection, hunting, dashboards, case management, and grid management, and much more. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes! Security Onion can be installed as a standalone, single VM, or in a distributed grid. Additionally, a single VM evaluation install mode is available for learning Security Onion, as well as an import install mode for analyzing past events. The Security Onion Console provides a consistent interface for viewing events, escalating alerts, collecting information into cases, and drilling down into associated PCAP traffic. Aggregate your platform logs into Security Onion for a comprehensive, security-focused view into activity within your infrastructure. Note that free community-based support for Security Onion is offered via our discussion forum. Premium support is available for purchase separately, and is included with Security Onion Pro paid licenses. Security Onion Pro is a licensed set of additional features useful to larger organizations, including Onion AI: a built-in AI assistant that is compatible with the either the Pro-bundled cloud AI platform offered by Security Onion, and also compatible with Google's Gemini AI platform or a locally hosted OpenAI-compatible endpoint. Contact our sales team to request a demo or more information.