Service

Security Onion

Readiness Level
Intermediate
Security Onion
Related topics:
Cybersecurity Best Practices, Cyber Threats and Advisories

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Description

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise. Security Onion includes Elasticsearch, Logstash, Kibana, Suricata, Zeek (formerly known as Bro), Wazuh, Stenographer, CyberChef, NetworkMiner, and many other security tools.

Learn about CISA's CPGs

Tags

Audience
Educational Institutions, Executives, Federal Government, Industry, Small and Medium Businesses, Faith-Based Community, State, Local, Tribal, and Territorial Government
Topics
Cybersecurity Best Practices, Cyber Threats and Advisories

Related Services

Respond to an incident, Assess your risk level | Foundational, Intermediate

Metro State Cybersecurity Clinic

The Metro State Cybersecurity Clinic seeks to train students from diverse backgrounds—with varying academic expertise—to strengthen the digital defenses of under-resourced organizations in our communities.
Respond to an incident, Assess your risk level | Foundational, Intermediate

Louisiana State University - Cybersecurity Clinic

In conjunction with the Louisiana Small Business Development Center, the Louisiana State University Cybersecurity Clinic is helping to raise the cybersecurity baseline for small businesses by offering pro-bono cybersecurity services.
Intermediate

Semgrep

Semgrep OSS is an open-source, static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time.