The smallest Security Onion installation is an IMPORT installation, which can be used to import PCAP or EVTX files for analysis. It runs in a minimal VM with as little as 4GB RAM.
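
Because an IMPORT node accepts exactly two kinds of input, a pre-flight check that identifies the file by its on-disk magic bytes and refuses anything else avoids feeding the wrong importer a file it cannot parse. The following Python script is an added example, not code from this page or from the Security Onion project. The magic numbers come from the pcap, pcapng and EVTX format specifications; the importer command names (so-import-pcap, so-import-evtx) are Security Onion tools that this page does not mention, so confirm them against your version. The sample byte strings are constructed inline.

```python
# Added example (not Security Onion's code): classify a capture/log file by its
# header bytes and build the matching IMPORT-node command line.
from typing import Optional, List

# First bytes of each supported format, from the public specifications.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1",  # pcap, little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4",  # pcap, big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1",  # pcap, little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d",  # pcap, big-endian, nanosecond timestamps
}
PCAPNG_BLOCK_TYPE = b"\x0a\x0d\x0d\x0a"          # Section Header Block type
PCAPNG_BYTE_ORDER = {b"\x4d\x3c\x2b\x1a",          # little-endian BOM
                     b"\x1a\x2b\x3c\x4d"}          # big-endian BOM
EVTX_MAGIC = b"ElfFile\x00"                        # EVTX file header signature

# Assumed importer commands (Security Onion tooling, not stated on this page).
IMPORTERS = {"pcap": "so-import-pcap",
             "pcapng": "so-import-pcap",
             "evtx": "so-import-evtx"}

HEADER_LEN = 12  # enough bytes to cover every check below


def classify(header: bytes) -> Optional[str]:
    """Return 'pcap', 'pcapng', 'evtx', or None for anything unrecognised.

    A truncated header (fewer bytes than the longest magic) is treated as
    unknown rather than guessed at.
    """
    if len(header) < 8:
        return None
    if header[:8] == EVTX_MAGIC:
        return "evtx"
    if header[:4] in PCAP_MAGICS:
        return "pcap"
    # pcapng: block type, 4-byte block length, then byte-order magic at 8..12
    if (header[:4] == PCAPNG_BLOCK_TYPE and len(header) >= 12
            and header[8:12] in PCAPNG_BYTE_ORDER):
        return "pcapng"
    return None


def read_header(path: str) -> bytes:
    """Read only the leading bytes; large captures are never loaded whole."""
    with open(path, "rb") as fh:
        return fh.read(HEADER_LEN)


def import_command(path: str, header: Optional[bytes] = None) -> List[str]:
    """Build the argv for the importer that matches the file, or refuse.

    `header` may be supplied directly (e.g. in tests); otherwise it is read
    from `path`.
    """
    kind = classify(read_header(path) if header is None else header)
    if kind is None:
        raise ValueError(f"{path}: not a pcap, pcapng or EVTX file; refusing to import")
    return [IMPORTERS[kind], path]


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        try:
            print(" ".join(import_command(p)))
        except (OSError, ValueError) as err:
            print(f"skipped: {err}", file=sys.stderr)
```

The script only prints the command it would run; wiring it to subprocess is deliberately left to the operator so that an unexpected file type fails loudly instead of being handed to an importer that will reject or misread it.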

On the opposite end of the architecture spectrum, a distributed deployment consists of:

  • a manager node
  • one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
  • one or more search nodes running Elasticsearch to store and search logs
  • optional receiver nodes for load balancing and pipeline redundancy
  • optional Intrusion Detection Honeypot (IDH) nodes for deception

This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.

For more information, please see the Architecture section of our documentation: