Every homelab needs this.

is it okay if i install to a external SSD?

Can you help me? I am not seeing any alert nor any data in any tools like kibana , etc... Iam trying to find out for more than 1 week.

Thank you, It's very useful video.

Hi! how to do this with a Eval mode? Thank you!

i try to install the nachine as shown in the video , in the end of the installation there is no way to access the web interface , i got the directory of the security onion on the machine but dont know what to do

Hello sir , I am stuck at : 0curl: (6) Could not resolve host:sigs.securityonion.net , So can you please help me with this issue

I am extremely excited to get my home lab set up. Thanks for the concise series, dude!

Excellent work

Hello, now I ask again: in the evaluation version, are the results under Alert real or placeholders?

Are there real alarms in the evaluation or are the placeholders not real?

My adversaries will grid their teeth after weeping....there's a need for a cert of completion to proof the understanding on how to peel the onion

Good stuff....thanks for sharing

I have watched the install videos and you installed the eval version, i plan on installing the desktop version and am wondering if i will still need to use the web interface to monitor traffic

thanks for video

Thank you so much this is great. You are a gifted teacher.

Thanks

Thank u ☺️

Thank you very much!

miss the suricata and logs of apps of pfsense, but great work, keep doing more, and integrations with flux

An osquery video would be awesome :)

I saw "Evaluation installs and Import installs do not support remote elastic agents. The links below are shown for demonstration purposes only." after I installed the eval version security onion following your installation guide video, is that means I have to install to other mode? Thank you.

I do not see a way to change severity by one click, or to suppress alert temporarily, or to automatically get IP etc from alert. So it looks as a good step but it is ONLY a FIRST STEP. For example,. we reclassify events in Zabbix all the time, we set up timed reclassifications often, we may need to update a GROUP of Detection rules at once. Idea is great but it looks as very first implementation yet. (Of course I can clone the rule, then change severity in the cloned rule and disable original rule. but why to do it so complicated? or we want to suppress all alerts 'traffic with ... group' whch we do by re: expression today - it's not implemented yet (looks this way) and there are 50+ IP groups and about 10 alerts per group... so what disable can do by single re: rule, detection will require 100 updates (looks like this).

Any chance you paste the various command line inputs

Oh this will be very useful. Cool feature indeed, thank you!! Two things: 1. Any possibility of adding an optional Elastic Defend/Predefined Rules integration to that Detections menu? Currently it is buried in Kibana and requires some additional digging to add the Predefined Rule integration, then unhide the Security tab Kibana Spaces? 2. Any chance of upgrading the OSquery Manager to the Velociraptor platform to integrate that amazing tool's DFIR capabilities with the SOC/Elastic Agent?

somehow SYSMON integration not working or showing up as an integration for a windows box. i'd added SYSMON to the node after the agent was enrolled. does this require removal (big pains here also, it won't properly remove)? Would be great to have a guide for this. Also for Linux SYSMON

can this functionality work with pfsense comunity edition ?

Is there an in place upgrade option available?

I can't wait to upgrade! Is there an estimated release date? Great job team!

Wow, this is a great improvement for tuning. Can't wait to give it a try!

awesome, just as i imagined it in my head! i will look forward to the update, sheesh this will shorten the tuning process by a lot. Thanks to the SO Team!!!

Wow, nice works Security Onion Team!! This will be a much better work flow

I've watched the new video at least four times. Super excited about the Detections module release. Great job!!!!

Huge quality of life upgrade thank you I'm really looking forward to updating

Is it possible to revert changes through history? Is there a rule validator in the Signarutre field? Will the syntax color highlighting appear?

This really is a great new feature. Can't wait to try it out.

Love it

Excellent keynote!

Does this still work?

our network firewall log is coming to my computer how can i send sec-onion?

Awesome, great material great teacher.

Thank you - Great tutorial. Unfortunately I failed to get it working neiger with pfSense nor with fortigate. tcpdump shows the incoming packages, but they are not parsed. Do you have any hint how to start toubleshooting?

Hello, is Winlogbeat in 2.4.50 ?

Great information. Is there a video to port Cisco switch log files to SO ?

This video series has been a great help in getting me hands on experience for the CySA+ cert. Wouldn't of been able to install an agent on my computer without it!

I would also love to see an osquery video. A strelka one would be great too.

Thanks

Thank you for the video

Does the IP of the virtual machine (to access the SOC) has to be the same as that of the host computer?

Thank you, just in the time :)