Intrusion Detection

Featuring Bro, Suricata, and Snort.

Log Management

Includes Kibana, CapME, CyberChef, squert, ELSA, and Sguil

Enterprise Security Management

With server-sensor setup you can manage multiple networks and hosts.

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!  Get your free trial here Security Onion AMI


Find more information at Security Onion's sites: and


For a better experience using this AMI follow these instructions after you have setup your new Security Onion EC2 machine:

  • Required to Launch and Use
    • SSH Into the machine using the public key you setup for the machine.
  • Optional 3rd Party Software
    • Reset the ec2-user password sudo passwd ec2-user
    • Start TigerVNC by typing vncserver
      • Follow the onscreen prompts for setting a password
    • On your client machine, download the appropriate TigerVNC Client
    • Connect to the VNC server using this connection string your.public.endpoint.url:5901
      • Make sure that port 5901 is open in your security group
      • Sometimes the server may start on 5902, so if your connection fails try 5902.
    • Once you have successfully connected and entered your VNC password.
    • For more information on what to during and after setup go to the Security onion's github wiki page.