
Published on January 9th, 2016 | 89 views

Security Onion: A Linux Distro For IDS, NSM, And Log Management


Security Onion is a Linux distribution for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion is a platform that lets you monitor your network for security alerts. It’s simple enough to run in small environments without many issues, and it allows advanced users to deploy distributed systems suited to enterprise network environments.


Security Onion Layers

  • Ubuntu based OS
  • Snort, Suricata
  • Snorby
  • Bro
  • Sguil
  • Squert
  • ELSA
  • NetworkMiner
  • PADS

And many other tools…


  • Snort and Suricata are NIDS engines.
  • Snort is an open source network intrusion detection and prevention system (IDS/IPS).
  • Suricata is a high-performance network IDS/IPS and network security monitoring system.

IDS Engines

  • Highly scalable
  • Protocol Identification
  • File Identification
  • MD5 Checksums
  • File Extraction



Web frontend for network security monitoring.

  • Metrics and reports
  • Classifications
  • Full packet
  • Custom settings
  • Hotkeys


Bro

  • Bro is a powerful network analysis framework
  • High-level semantic analysis at the application layer
  • Site-specific monitoring policies

Sguil

  • An analysis console for security monitoring
  • Powerful for event analysis, correlation and review

Squert

  • A web interface to query and view Sguil event data; a visual tool


ELSA is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs, as well as email-based alerts, scheduled queries, and graphing.



Using Security Onion

The first thing we will want to do is update the Snort rules in Security Onion. Open up a terminal window and ensure you have root privileges. We used the sudo su command to change over to root.

The following command updates the rules:

 sudo /usr/bin/rule-update
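After running rule-update it is worth checking what actually changed, since a rule set that silently failed to download leaves the sensor alerting on stale signatures. The script below is an added example, not part of the article or of the Security Onion project: it snapshots the enabled SIDs in the downloaded rules file before and after the update and prints the counts and the SIDs that were added or removed. The rules file path (`/etc/nsm/rules/downloaded.rules`) is an assumption about a typical install; override `RULES_FILE` if yours differs. The rule-update step itself only runs when the script is invoked with `--update`, so the helper functions can be used on any Snort-format rules file.

```shell
#!/bin/sh
# Added example (not from Security Onion): report what a rule update changed.
# Assumes the downloaded rule set lives at the path below (adjust for your install)
# and that /usr/bin/rule-update exists, as described in the article.
RULES_FILE="${RULES_FILE:-/etc/nsm/rules/downloaded.rules}"

# Print the SIDs of enabled (non-commented) rules, one per line, lexically sorted
# so the output can be fed to comm(1).
enabled_sids() {
    grep -E '^(alert|log|pass|drop|reject|sdrop) ' "$1" \
        | sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\);.*/\1/p' \
        | sort -u
}

# Number of enabled rules in a rules file.
count_enabled() {
    enabled_sids "$1" | wc -l | tr -d ' '
}

# Number of rules present but commented out (e.g. disabled by local tuning).
# grep -c exits 1 when nothing matches, so swallow that for set -e callers.
count_disabled() {
    grep -cE '^#[[:space:]]*(alert|log|pass|drop|reject|sdrop) ' "$1" || true
}

# Run rule-update and show before/after counts plus added and removed SIDs.
update_and_report() {
    before=$(mktemp); after=$(mktemp)
    enabled_sids "$RULES_FILE" > "$before"
    sudo /usr/bin/rule-update
    enabled_sids "$RULES_FILE" > "$after"
    echo "enabled rules: $(wc -l < "$before" | tr -d ' ') -> $(wc -l < "$after" | tr -d ' ')"
    echo "disabled rules now: $(count_disabled "$RULES_FILE")"
    echo "new SIDs:";     comm -13 "$before" "$after"
    echo "removed SIDs:"; comm -23 "$before" "$after"
    rm -f "$before" "$after"
}

# Only touch the live system when explicitly asked.
if [ "${1:-}" = "--update" ]; then
    update_and_report
fi
```

A large drop in the enabled count, or an empty "new SIDs" list on a day the upstream feed was known to change, is the signal to inspect the rule-update output rather than assume the sensor is current.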

Next, we will launch Snorby. You can simply double click on the Snorby icon on the desktop. You will use the email address and password you created during the setup script in Step 4 to log in.

Example:

E-mail address: [email protected]

Password: password

This is the monitoring interface for Snorby.



Security Onion 14.04 has reached Release Candidate status.

More info and the download can be found here.
