Overview
Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management. For network visibility, we offer signature based detection via Suricata, rich protocol metadata and file extraction using your choice of either Zeek or Suricata, full packet capture via Stenographer, and file analysis via Strelka. For host visibility, we offer the Elastic Agent which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into the Elastic stack and we've built our own user interfaces for alerting, hunting, dashboards, case management, and grid management. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes!
Highlights
- Security Onion can be installed as a standalone, single VM, or in a distributed grid. Additionally, a single-VM evaluation install mode is available for learning Security Onion, as well as an import install mode for analyzing past events.
- Security Onion Console provides a consistent interface for viewing events, escalating alerts, and drilling down into associated PCAP traffic.
- Aggregate your platform logs into Security Onion for a comprehensive, security-focused view into activity within your infrastructure.
Details
Typical total price
$0.451/hour
Pricing
Free trial
- ...
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
|---|---|---|---|
t2.large | $0.15 | $0.093 | $0.243 |
t2.xlarge | $0.15 | $0.186 | $0.336 |
t2.2xlarge | $0.15 | $0.371 | $0.521 |
t3.large | $0.15 | $0.083 | $0.233 |
t3.xlarge | $0.15 | $0.166 | $0.316 |
t3.2xlarge | $0.15 | $0.333 | $0.483 |
t3a.large | $0.15 | $0.075 | $0.225 |
t3a.xlarge | $0.15 | $0.15 | $0.30 |
t3a.2xlarge Recommended | $0.15 | $0.301 | $0.451 |
m3.large | $0.15 | $0.133 | $0.283 |
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp3) volumes | $0.08/per GB/month of provisioned storage |
Vendor refund policy
Refunds are not available.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Full release notes for the latest Security Onion release are located at https://docs.securityonion.net/en/2.4/release-notes.html .
Existing Security Onion 2.4.4 or newer AMI installations should use the "soup" command to upgrade to newer versions of Security Onion. Attempting to switch to a newer AMI from the AWS Marketplace could cause loss of data and require full grid re-installation. Note that grids running Security Onion 2.3 cannot use soup to upgrade to 2.4, as the underlying operating system has changed from CentOS to Oracle Enterprise Linux.
Additional details
Usage instructions
IMPORTANT: Security Onion requires installation once the virtual machine first starts. Additionally, an understanding of DNS and networking concepts is required. Most users will need to map the VM's hostname to the VM IP address, either via their local /etc/hosts file, or via a domain resolution service in order to access the web interface.
Please review the following documentation links, as thoroughly understanding the architecture, such as which nodes should exist in AWS vs On-Premise, is an important prerequisite for deploying Security Onion in AWS.
Guidelines on instance sizing as well as AMI-specific instructions. This is a must read for all users new to running Security Onion on AWS.
Where data is stored within the VM's filesystem:
How Security Onion data is secured:
Information relating to updating passwords:
To verify a healthy installation, follow the recommendations provided in the following links:
- https://docs.securityonion.net/en/2.4/grid.html
- https://docs.securityonion.net/en/2.4/so-status.html
- https://docs.securityonion.net/en/2.4/help.html
Finally, if you run into trouble or need clarification, there is an active Security Onion community that helps answer questions relating to Security Onion. To take advantage of this free community support, visit our discussion forum:
Resources
Vendor resources
Support
Vendor support
Free community support is provided by the general public. Search our forums for answers that may have already been provided by other users. Security Onion Solutions also offers premium support at an additional cost. Visit our support website for more information. Premium Support:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
poorly developed , no support for software, no architecture or deployment details,
poorly developed, no support for software, no architecture or deployment details,
what is the purpose of having this software at this platform , absolutely nothing