Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
With a server-sensor setup you can manage multiple networks and hosts. Search through IDS, firewall, and endpoint logs with ease and quickly identify problem areas or possible nefarious activity. Secure your cloud or on-premise systems today.
Full packet capture, Snort or Suricata rule-driven intrusion detection, Zeek event-driven intrusion detection, and Wazuh host-based intrusion detection all run out of the box once you complete Security Onion setup. These disparate systems, each with its own dependencies and complexities, run seamlessly together, where assembling and integrating them on your own would otherwise take hours, days, or weeks. What was once a seemingly impossible task is now as easy as answering a few questions. Get your free trial here: Security Onion AMI
Find more information at Security Onion’s sites: https://securityonion.net/ and https://securityonion.readthedocs.io/en/latest/
While you can still use just the SSH client, Security Onion uses some desktop features, so for a better experience with this AMI follow these instructions after you have set up your new Security Onion EC2 machine: