We are once again hosting our annual user conference in beautiful Augusta, GA on October 23, and we want to hear from you! Our Call For Presenters (CFP) is open through this weekend, and we're looking for speakers with unique use cases, hunting techniques, integrations, or other examples of how to use Security Onion to secure a network. Come share your knowledge with your fellow blue teamers!
https://t.co/dbQmuKBYV2
HAPPY BIRTHDAY TO US!
Today marks the twelfth birthday of Security Onion Solutions -- a dozen years of providing training, support, and other services on top of the free and open Security Onion platform. Here's to many more!
USING SOFTWARE RAID?
We've identified an issue with an updated release of mdadm that could cause problems for Security Onion deployments using software RAID filesystems. If that applies to you, this blog post has more information:
https://t.co/Glfl6jmjsd
Curious about the Human-Centered Investigative Playbook (HCIP) standard that underlies our Guided Analysis feature? If you're going to be at @BSidesPGH this week, come see our Senior Engineer Matthew Gracie, presenting in the afternoon on that very topic. Hope to see you there!
JUST POSTED: We've just released an update to our Introduction to Security Onion overview video, recorded with Security Onion 3. Learn all about the platform, how it fits into your security architecture, the ways to pivot between logs from your network and your endpoints, and how it's all wrapped up in a lovely new interface. Alert investigation, detection engineering, ad hoc threat hunting -- Security Onion has everything you need to peel back the layers of your network and make the bad guys cry.
https://t.co/pp5uJWhTF8
DID YOU KNOW? Security Onion Pro includes a feature called Manager of Managers, or MoM, which leverages the Security Onion API to allow access to other Security Onion installations in your environment from a central console.
Perfect for MSSPs, for independent subsidiaries, for geographically siloed security teams, for dev environments, and more! Check out this video for more details.
https://t.co/hJY5kC6v6V
DID YOU KNOW?
It's possible to enable or disable Suricata NIDS rules in Security Onion using regular expressions -- if you want to turn off all of those ET INFO or TOR alerts, this is an easy way to do it. And the best part is it will apply to new rules that are added to the set in the future.
More information here: https://t.co/pcqfnnmx3P
🚀Introducing SO-CRATES 1.0 — Security Onion Containerized Rapid Analysis of Threats, Evil, and Sus!
SO-CRATES is a single container image for analyzing pcap files, log files, and binary files. It was formerly known as OhMyPCAP.
Here's what you can do with SO-CRATES:
✅analyze pcap files and then review Suricata alerts, metadata, and extracted files
✅import log files and then review Sigma alerts and the original log entries
✅import binary files and then review YARA matches and file metadata
All of this runs in a single Docker/Podman container — perfect for air-gapped environments, malware analysis, incident response, threat hunting, forensics & teaching.
Who’s trying it out? Drop a ❤️ and reply with your main use case!
#DFIR #Cybersecurity #BlueTeam #ThreatHunting #Suricata #YARA #Sigma
@Suricata_IDS@lennyzeltser@chrissanders88@sansforensics@TomLawrenceTech
On this day in 2009 the very first release of Security Onion hit the Internet. A lot has changed since then, but it's still the best free and open solution to help you peel back the layers of your network and see what's really happening.
Good morning Charm City! If you're at #AFCEATechnet, come to booth 3242 to see the legendary Michael Stokes and learn about using Security Onion to peel back the layers of your network.
It's time for O's, Bohs, and SO -- Security Onion Solutions is coming to Baltimore! Looking forward to seeing all our friends at #AFCEATechnet in Charm City this week, come see us at booth 3242 to find out how we can help you peel back the layers of your network and make the bad guys cry.
Security Onion 3.1.0 Hotfix 20260528 Now Available!
We've released a hotfix to Security Onion 3.1.0 to address issues for deployments with Heavy Nodes or custom Logstash pipelines - please check out this blog post for more information.
https://t.co/aukTDkTIxK
Our printed documentation book has been updated for Security Onion 3.1 and is available from Amazon now!
For those who don't know, we offer a softcover copy of our documentation for the current version of Security Onion via Amazon. All proceeds go to the Rural Technology Fund, and the book comes with a 20% off discount code for our on-demand training and the Security Onion Certified Professsional (SOCP) certification exam.
IT'S TIME FOR SOUP!
Security Onion 3.1.0 is now available and includes new features, updated components, and many quality-of-life improvements!
Get all the details on our blog:
https://t.co/bIRSIYUQky
DID YOU KNOW?
Starting in version 2.4.170, Security Onion Pro users have access to a new type of Security Onion node, the Hypervisor Node. The Hypervisor node uses Linux-native virtualization libraries to run multiple independent SO nodes on a single piece of hardware -- if you have a powerful server that's being underutilized, this allows you to spin up additional nodes on it from inside the Security Onion Console, with no reliance on other virtualization platforms.
More information here: https://t.co/7vJFEPpuVs
SAVE THE DATE!
We will once again be hosting the Security Onion Conference in beautiful Augusta, GA on October 23rd. Registration will open on August 7.
Today, we are opening our Call For Presenters (CFP) for the conference. Have you developed a unique use case for Security Onion? Integrated it with other tools? Deployed it in an exciting new environment? We want to hear all about it!
https://t.co/i9yrvWLFoQ
ICYMI: Last week we had a webinar with our friends from Garland Technology on using their TAPs and packet brokers along with Security Onion for a holistic view of what's happening on your network. Check it out!
https://t.co/v9AKbHQ4he
THURSDAY: Join our Senior Engineer Matthew Gracie, along with Chris Bihary and our friends from Garland Technology, for the webinar "See Everything, Miss Nothing: Enhancing Threat Detection with Complete Packet Visibility and Full Packet Capture". Come learn how Garland TAPs and packet brokers can feed Security Onion to give you full visibility into your network traffic.
Register below!
https://t.co/l893pDJYxq
DID YOU KNOW?
Security Onion can be configured to automatically perform reverse DNS lookups to provide hostname information in the SOC interface. Just turn on the "enableReverseLookup" function in Configuration and enjoy!