
Intrusion Detection

Security Onion

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Enterprise Security Management

With a server-sensor setup you can manage multiple networks and hosts. Search through IDS, firewall, and endpoint logs with ease and quickly identify problem areas or possible nefarious activities. Secure your cloud or on-premise systems today.

Technical Details

So we have full packet capture, Snort or Suricata rule-driven intrusion detection, Zeek event-driven intrusion detection and Wazuh host-based intrusion detection, all running out of the box once you run Security Onion setup. These disparate systems, with their various dependencies and complexities, all run seamlessly together and would otherwise take hours, days or weeks to assemble and integrate on their own. What was once a seemingly impossible task is now as easy as answering a few questions. Get your free trial here: Security Onion AMI

Find more information at Security Onion's sites: https://securityonion.net/ and https://securityonion.readthedocs.io/en/latest/

Optional Usage

While you can still use just the SSH client, Security Onion uses some desktop features, so for a better experience with this AMI follow these instructions after you have set up your new Security Onion EC2 machine:

  • Required to Launch and Use
    • SSH Into the machine using the public key you setup for the machine.
  • Optional 3rd Party Software
    • Reset the ec2-user password: sudo passwd ec2-user
    • Start TigerVNC by typing vncserver
      • Follow the onscreen prompts for setting a password
    • On your client machine, download the appropriate TigerVNC Client
    • Connect to the VNC server using the connection string your.public.endpoint.url:5901
      • Make sure that port 5901 is open in your security group
      • Sometimes the server may start on 5902, so if your connection fails try 5902.
    • Once you have successfully connected and entered your VNC password.
    • For more information on what to do during and after setup, go to Security Onion's GitHub wiki page.
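The steps above say the VNC server may come up on 5902 instead of 5901, and that the port has to be opened in the security group. The helper below is an added example, not part of this page or of Security Onion: it parses ss -ltn output from the instance (a constructed sample is embedded) to find which display port TigerVNC actually bound to, builds the host:port connection string, and lists which VNC ports are bound on all interfaces so the security group rule can be restricted to your own source address.

```shell
#!/bin/sh
# Added example: locate the TigerVNC display port on a Security Onion EC2
# instance. Assumes the output of `ss -ltn`; the sample below is constructed
# to show the case the page warns about (5901 taken, server started on 5902).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:5902         0.0.0.0:*
LISTEN  0       5       127.0.0.1:5903       0.0.0.0:*
LISTEN  0       128     0.0.0.0:443          0.0.0.0:*'

# vnc_ports INPUT: print every listening VNC display port (5901-5909)
# found in the ss output, one per line, ascending.
vnc_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= 5901 && port <= 5909) print port
        }' | sort -n
}

# first_vnc_port INPUT: lowest VNC display port, or empty if none listens.
first_vnc_port() {
    vnc_ports "$1" | head -n 1
}

# vnc_connect_string HOST INPUT: the host:port string the TigerVNC client
# expects, in the same form as your.public.endpoint.url:5901 above.
vnc_connect_string() {
    port=$(first_vnc_port "$2")
    [ -n "$port" ] || { echo "no VNC server listening" >&2; return 1; }
    printf '%s:%s\n' "$1" "$port"
}

# exposed_vnc_ports INPUT: VNC display ports bound on all interfaces
# (0.0.0.0, * or [::]); these are reachable as soon as the security
# group opens them, so the rule should allow only your own source IP.
exposed_vnc_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|\*|\[::\]):590[1-9]$/ {
            n = split($4, a, ":"); print a[n]
        }' | sort -n
}

# On the instance, run against live output with:
#   vnc_connect_string your.public.endpoint.url "$(ss -ltn)"
```

On the sample above the connection string is your.public.endpoint.url:5902, and 5903 is not reported as exposed because it is bound to localhost only.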