    Security Onion 2

    Deployed on AWS
    Free Trial
    The official Security Onion 2 AMI. Security Onion 2 provides organizations with a suite of tools for threat hunting, enterprise security monitoring, and log management.

    Overview

    Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management. For network visibility, we offer signature-based detection via Suricata, rich protocol metadata and file extraction using your choice of either Zeek or Suricata, full packet capture, and file analysis. For host visibility, we offer the Elastic Agent, which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into the Elastic Stack, and we've built our own user interfaces for alerting, hunting, dashboards, case management, and grid management. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes!

    Highlights

    • Security Onion can be installed as a standalone, single VM, or in a distributed grid. Additionally, a single-VM evaluation install mode is available for learning Security Onion, as well as an import install mode for analyzing past events.
    • Security Onion Console provides a consistent interface for viewing events, escalating alerts, and drilling down into associated PCAP traffic.
    • Aggregate your platform logs into Security Onion for a comprehensive, security-focused view into activity within your infrastructure.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Other Linux 9

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Free trial

    Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Security Onion 2

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (603)

    Dimension        Cost/hour
    t3a.2xlarge      $0.15  (Recommended)
    m6idn.metal      $0.15
    c6i.8xlarge      $0.15
    m5d.2xlarge      $0.15
    r7iz.8xlarge     $0.15
    r6idn.12xlarge   $0.15
    c6i.large        $0.15
    trn1n.32xlarge   $0.15
    g6.12xlarge      $0.15
    r7iz.large       $0.15

    Vendor refund policy

    Refunds are not available.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Full release notes for the latest Security Onion release are located at https://docs.securityonion.net/en/2.4/release-notes.html.

    Existing Security Onion 2.4.4 or newer AMI installations should use the "soup" command to upgrade to newer versions of Security Onion. Attempting to switch to a newer AMI from the AWS Marketplace could cause loss of data and require full grid re-installation. Note that grids running Security Onion 2.3 cannot use soup to upgrade to 2.4, as the underlying operating system has changed from CentOS to Oracle Enterprise Linux.

    Additional details

    Usage instructions

    IMPORTANT: Security Onion must be set up when the virtual machine first starts. Additionally, an understanding of DNS and networking concepts is required. Most users will need to map the VM's hostname to the VM's IP address, either via their local /etc/hosts file or via a domain resolution service, in order to access the web interface.

    Please review the following documentation links; thoroughly understanding the architecture, such as which nodes should exist in AWS vs. on-premises, is an important prerequisite for deploying Security Onion in AWS.

    Guidelines on instance sizing as well as AMI-specific instructions. This is a must read for all users new to running Security Onion on AWS.

    Where data is stored within the VM's filesystem:

    How Security Onion data is secured:

    Information relating to updating passwords:

    To verify a healthy installation, follow the recommendations provided in the following links:

    Finally, if you run into trouble or need clarification, there is an active Security Onion community that helps answer questions relating to Security Onion. To take advantage of this free community support, visit our discussion forum:

    Premium support and Security Onion Pro licenses are also available for purchase.

    Resources

    Support

    Vendor support

    Free community support is provided by the general public. Search our forums for answers that may have already been provided by other users. Security Onion Solutions also offers premium support at an additional cost. Visit our support website for more information. Premium Support:

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Accolades

    Top 10 in Monitoring, Log Analysis
    Top 25 in Data Security and Governance
    Top 25 in Network Infrastructure

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2.
    Reviews: 1
    Functionality: Insufficient data
    Ease of use: Insufficient data
    Customer service: Insufficient data
    Cost effectiveness: Insufficient data

    Overview

    AI generated from product descriptions
    Network Visibility: Provides signature-based detection via Suricata, protocol metadata extraction, full packet capture, and file analysis using Zeek or Suricata
    Host Monitoring: Utilizes Elastic Agent for data collection, live queries through osquery, and centralized management via Elastic Fleet
    Log Management: Aggregates logs into the Elastic Stack with custom user interfaces for alerting, hunting, dashboards, and case management
    Intrusion Detection: Includes honeypot capabilities based on OpenCanary for enhanced enterprise visibility and threat detection
    Deployment Flexibility: Supports standalone single VM, distributed grid, evaluation, and import installation modes for comprehensive security monitoring

    Customer reviews

    Ratings and reviews

    Overall rating: 1 (1 rating)
    5 star: 0%
    4 star: 0%
    3 star: 0%
    2 star: 0%
    1 star: 100%
    1 AWS review | 3 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Anish Bajracharya

    Provides good threat hunting by finding infected ports, but its initial setup is difficult

    Reviewed on Mar 18, 2024
    Review provided by PeerSpot

    What is most valuable?

    The most valuable feature of Security Onion for security monitoring is its ability to find infected ports. I have used the Squert tool within Security Onion the most for threat hunting.

    What needs improvement?

    The initial setup of the solution is a little bit difficult.

    For how long have I used the solution?

    I have been using Security Onion for one year.

    How are customer service and support?

    The solution’s technical support is good and responsive.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a six out of ten.

    What's my experience with pricing, setup cost, and licensing?

    Security Onion is an open-source solution.

    On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.

    Which other solutions did I evaluate?

    Before choosing Security Onion, we evaluated Splunk. We chose Security Onion because it's a free and open-source solution.

    What other advice do I have?

    Security Onion is deployed on the cloud in our organization. I would recommend the solution to other users.

    Overall, I rate the solution a seven out of ten.

    Jörg Kippe

    A mature and affordable solution that is easy to install and easy to update

    Reviewed on Jan 15, 2024
    Review provided by PeerSpot

    What is our primary use case?

    The solution is used to learn how the tools work. It enables us to do consulting and demonstrate solutions. We develop attacks, detect them, and demonstrate how it works. The customers are interested in seeing how and what these tools can do.

    What is most valuable?

    We are only working with open-source products. The tool is very easy to install and easy to update. A lot of interfaces are specified. So, it's quite easy to make extensions. It is very important when we do experiments and try to connect and integrate other tools. Security Onion is the most mature solution in the open source world. This is its biggest advantage.

    What needs improvement?

    The product takes time to learn; it's not that easy. In the beginning we had a lot of questions. If you want to use such a tool in a real (industrial) environment, you have to ask how to get the network data. Can we do a full packet capture? Can we provide agents to our end systems? There are no simple solutions to these questions. It's a general problem when running such systems in an industrial environment.

    For how long have I used the solution?

    I have been using the solution for about ten years. I am using the latest version.

    How are customer service and support?

    There is a community. If we are active and ask people questions, we get answers. We also have the option to buy support for difficult problems.

    Which solution did I use previously and why did I switch?

    We also use Malcolm. It is a similar platform. But it is not as mature as Security Onion. The system management features are not perfect and need to be improved.

    How was the initial setup?

    The solution is partially in a real environment and partially in a virtual environment. The focus is on the OT environment. Our main focus is to deliver security in automation systems. It is very easy to set up.

    What's my experience with pricing, setup cost, and licensing?

    It is an open-source solution. The vendor also sells a hardware solution (appliance) as a paid solution.

    What other advice do I have?

    My advice depends on the requirements, network, and resources available in an organization. It also depends on whether someone is looking for a turnkey solution, whether they are interested in working alone, and what their skills are. There is no one solution for all installations. Overall, I rate the product a ten out of ten.

    cybersec

    Poorly developed, no support for software, no architecture or deployment details

    Reviewed on Nov 06, 2023
    Review from a verified AWS customer

    Poorly developed, no support for software, no architecture or deployment details.
    What is the purpose of having this software at this platform? Absolutely nothing.

    Derek Maraw

    The solution can be used for internal vulnerability assessment, but its user interface could be improved

    Reviewed on Aug 04, 2023
    Review provided by PeerSpot

    What is most valuable?

    We use Security Onion for internal vulnerability assessment.

    What needs improvement?

    Security Onion's user interface could be improved. The solution's general reporting should be made simple and better-looking in terms of graphics so that we can update our senior management.

    For how long have I used the solution?

    I have been using Security Onion for four years.

    What do I think about the stability of the solution?

    Security Onion is a stable solution, but we experience some crashes.

    I rate Security Onion a six out of ten for stability.

    What do I think about the scalability of the solution?

    Security Onion is a scalable solution, but some connected APIs are a bit difficult to integrate. Two people are using Security Onion in our organization.

    I rate Security Onion a five out of ten for scalability.

    How are customer service and support?

    We are part of the solution's blogging site, where we discuss with other people working on it so that we understand most things. Security Onion's blogging site or community forum helps us to resolve all our issues.

    How was the initial setup?

    Security Onion's deployment needs to be a bit simple. Some explanations or jargon are a bit complicated and should be made simple enough to understand.

    What's my experience with pricing, setup cost, and licensing?

    Security Onion is a free solution.

    What other advice do I have?

    Security Onion is deployed on our established private cloud, which operates from our recovery site.

    Security Onion does not need any maintenance.

    You need to be skilled in order to use Security Onion.

    Overall, I rate Security Onion a six out of ten.

    Which deployment model are you using for this solution?

    Private Cloud