Guide on how to install Security Onion 😏
Security Onion is a free, open-source platform for network security monitoring (NSM), intrusion detection and log management. It is designed to help organizations monitor and defend their networks against threats such as malware, intrusions and unauthorized access by capturing traffic, generating alerts and logs, and giving analysts one place to hunt through them.
At its core, Security Onion integrates several open-source security tools to provide comprehensive network and host visibility. Which tools ship depends on the release, but the main ones are:
Snort: A widely used open-source IDS/IPS (Intrusion Detection/Prevention System) that inspects network traffic against signatures and raises alerts on malicious activity. Older Security Onion releases let you choose Snort; Security Onion 2 ships Suricata as its network IDS engine instead.
Suricata: Another popular open-source IDS/IPS that uses the same style of rules as Snort but is multi-threaded and adds built-in protocol parsing and file extraction.
Zeek (formerly known as Bro): A network analysis framework that turns traffic into detailed, structured logs (connections, DNS, HTTP, TLS, files and so on) rather than signature alerts; these logs are what most hunting in Security Onion runs on.
Elastic Stack (formerly ELK Stack): Elasticsearch, Logstash and Kibana. Elasticsearch stores and indexes the alerts and logs, Logstash collects and parses them on the way in, and Kibana provides dashboards for searching and visualizing them.
Wazuh: A host-based intrusion detection system (HIDS), forked from OSSEC, that monitors activity on individual hosts by collecting their logs and checking file integrity. Security Onion 2 used Wazuh for host monitoring.
OSSEC: The original open-source HIDS that Wazuh grew out of; it analyzes logs and detects suspicious activity on individual systems and was shipped by older Security Onion releases. You get one of the two, not both, depending on the version you install.
Create a network for the lab in the Virtual Network Editor and give it a name you will remember. Use a private (RFC 1918) address range that does not clash with your real LAN, for example:
10.10.x.x
192.168.x.x
Download the Security Onion ISO from https://securityonionsolutions.com/software/
VMware is a company that provides virtualization and cloud computing software. Virtualization lets multiple operating systems and applications run on a single physical machine, which is what makes it possible to build this whole lab on one workstation; the screenshots below use VMware Workstation.
Follow the screenshots for installation:
Allocate 200GB of disk for the installation, because Security Onion stores full packet captures and Elasticsearch indices and fills a small disk quickly.
Modify the network connection: attach the VM's network adapter to the custom network you created earlier in the Virtual Network Editor.
Memory (RAM): 8GB minimum, with 2 processors. This is enough to get an evaluation VM running, but the Security Onion documentation lists its own hardware requirements per install mode, and some of them are higher than this, so check the requirements page for the version you downloaded before you commit to a size.
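Before creating the VM it is worth sanity-checking the plan above: that the lab subnet really is private, that the machine you will analyze from sits inside it (otherwise the analyst allow rule entered later cannot reach the web interface), that it does not overlap a network you already have, and that the VM size is not below the numbers used in this guide. The following is an added example, not code from this post or from the Security Onion project; the resource minimums are the ones quoted above, not the project's official requirements, and the sample inputs are constructed.

```python
import ipaddress

# Minimums used by this guide (8 GB RAM, 2 CPUs, 200 GB disk). Assumption: the
# Security Onion documentation lists its own, sometimes higher, requirements
# per install mode; adjust these numbers to the version you download.
TUTORIAL_MINIMUMS = {"ram_gb": 8, "cpus": 2, "disk_gb": 200}

# The three RFC 1918 private ranges a lab network should be carved from.
PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_private_lab_network(cidr: str) -> bool:
    """True if the subnet parses and lies entirely inside an RFC 1918 range."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def preflight(vm: dict, lab_cidr: str, analyst_ip: str, existing_cidrs=()) -> list:
    """Return human-readable problems with the VM plan; an empty list means it passes."""
    problems = []

    # Resource check against the guide's minimums.
    for key, minimum in TUTORIAL_MINIMUMS.items():
        if vm.get(key, 0) < minimum:
            problems.append(f"{key}={vm.get(key)} is below the guide's minimum of {minimum}")

    # Network check: the lab subnet must be private and well-formed.
    if not is_private_lab_network(lab_cidr):
        problems.append(f"{lab_cidr} is not a valid RFC 1918 private subnet")
        return problems
    net = ipaddress.ip_network(lab_cidr, strict=False)

    # The host you browse from must be inside the lab subnet, or the analyst
    # allow rule you enter during setup will not let it reach the web interface.
    try:
        analyst = ipaddress.ip_address(analyst_ip)
    except ValueError:
        problems.append(f"analyst address {analyst_ip!r} is not an IP address")
        return problems
    if analyst not in net:
        problems.append(f"analyst host {analyst_ip} is outside {lab_cidr}")

    # Avoid colliding with networks that already exist on the workstation.
    for other in existing_cidrs:
        if net.overlaps(ipaddress.ip_network(other, strict=False)):
            problems.append(f"{lab_cidr} overlaps existing network {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: a 10.10.1.0/24 lab with the analyst laptop on .50.
    plan = {"ram_gb": 8, "cpus": 2, "disk_gb": 200}
    for problem in preflight(plan, "10.10.1.0/24", "10.10.1.50", ["192.168.1.0/24"]):
        print("PROBLEM:", problem)
    print("preflight done")
```

Run it with your own numbers before clicking through the VMware wizard; every message it prints is something that would otherwise surface only after a long install (an unreachable web interface, or a VM that runs out of disk once packet capture starts).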
Once the VM has been created, power it on.
Choose the first option, Install Security Onion (insert the version).
Create a username and password for the operating system account.
Wait while the components are created and installed.
Installation complete! :D
Log in with the credentials you just created.
Choose a manual installation.
Choose the letter a for the analyst role; this allows the address you enter (the host you will browse from) to reach the web interface.
Open a browser (Chrome, Brave or Firefox) and enter the IP address and port shown in the terminal.
Accept the Risk and Continue.
"Accept the Risk and Continue" is the prompt a browser shows when it cannot validate a website's TLS certificate, for example because the certificate is self-signed or does not match the hostname. Security Onion's web interface uses a self-signed certificate out of the box, so your browser has no way to tell that the certificate belongs to your VM and warns you. In a lab this is expected, but do not make a habit of clicking through: before accepting, compare the certificate fingerprint the browser shows with the fingerprint of the certificate on the Security Onion console, so you know you are talking to your own VM and not to something else answering on that address.
Enter the email address and password you created during the manual setup in the Security Onion terminal.
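The browser warning above is only safe to accept once you have checked that the certificate the browser sees is the one your VM is serving. The script below, an added example that is not part of this guide or of Security Onion, fetches the certificate from the web interface without verifying it (it is self-signed, so verification cannot succeed anyway), prints its SHA-256 fingerprint in the colon-separated form browsers and openssl use, and compares it with a fingerprint you obtained on the VM's console. The host, port and expected fingerprint in the usage section are placeholders, and the certificate bytes used for the stand-alone check are constructed, not a real certificate.

```python
import hashlib
import socket
import ssl


def fingerprint_der(der: bytes) -> str:
    """SHA-256 fingerprint of DER certificate bytes, as AA:BB:... uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(pem_cert: str) -> str:
    """Fingerprint of a PEM-encoded certificate (e.g. one copied from the console)."""
    return fingerprint_der(ssl.PEM_cert_to_DER_cert(pem_cert))


def fetch_server_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect to the web interface, skip verification (self-signed cert) and
    return the fingerprint of whatever certificate the server presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # no hostname to check against an IP
    ctx.verify_mode = ssl.CERT_NONE     # self-signed: we verify by fingerprint instead
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return fingerprint_der(der)


def matches(expected: str, actual: str) -> bool:
    """Compare fingerprints regardless of case, colons or spaces."""
    def norm(s: str) -> str:
        return s.replace(":", "").replace(" ", "").upper()
    return norm(expected) == norm(actual)


# Constructed stand-in for certificate bytes so the helpers can be exercised
# offline; a real DER certificate would come from the VM.
CONSTRUCTED_DER = b"\x30\x0a\x02\x01\x05\x04\x05hello"
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)


if __name__ == "__main__":
    # Placeholders: use the IP and port the setup printed in the terminal, and
    # the fingerprint you computed on the Security Onion console (for example
    # with openssl s_client against the same port from the VM itself).
    host, port = "10.10.1.10", 443
    expected = "PUT:THE:CONSOLE:FINGERPRINT:HERE"
    actual = fetch_server_fingerprint(host, port)
    print("server presents:", actual)
    print("match" if matches(expected, actual) else "MISMATCH: do not accept the warning")
```

If the two fingerprints match, the browser warning is just the self-signed certificate and you can accept it; if they differ, something between your browser and the VM is answering in its place, and that is precisely the case the warning exists for.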