Security Onion 2018

Something I’ve had reason to play a lot with over the last few months is Security Onion, a free and open source product that frankly compares damn well to a number of *very* expensive proprietary products.

It requires no small amount of Linux and tech knowledge to start digging into, but you get an ELK stack, full packet capture, and a number of GUI options for visibility into network and file system alerts. It’s really neat.

I struggled to get my ELK stack working properly but the eventual culprit was memory: I’d recommend a minimum of 4-8 gigs of RAM.

I’m now looking into ways to build cheap NSM sensors out of something akin to Raspberry Pis, but I don’t know how feasible that is yet.