Introduction to Security Onion

Ross Heenan, Naghmeh Moradpoor

Research output: Contribution to conferencePaper

1329 Downloads (Pure)


Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management.
Original languageEnglish
Number of pages4
Publication statusPublished - 10 May 2016
Event The First Post Graduate Cyber Security Symposium - Edinburgh Napier University, Edinburgh, United Kingdom
Duration: 10 May 201610 May 2016


Conference The First Post Graduate Cyber Security Symposium
Abbreviated titlePGCS
Country/TerritoryUnited Kingdom


  • Security onion
  • Intrusion detection systems (IDS)
  • Host-based IDS (HIDS)
  • Network-based IDS (NIDS)
  • Network forensic analysis tools (NFAT)
  • Network security management (NSM)


Dive into the research topics of 'Introduction to Security Onion'. Together they form a unique fingerprint.

Cite this