Thank you very much. I had a dedicated machine for securityonion but it was overkill. Now it's virtual and running like a breeze. Great video's. I use a mikrotik 10 port router at home. Easy to configure a span port.

Man...I was looking for this for long time...thank you !

to those interested, you can add splunk to security onion depending on your hardware performance may be affected but if you have enough ram and good CPU you can enhance threat hunting capabilities. early days on this test but so far not bad. anyway good video.

Thank you, Brother, you are Awesome! Keep making new videos!!!

This is very well done. Excellent explanation at a pace that is perfect. Thank you for sharing your knowledge.

I just want to tell you Howard - your dedication and drive to showing the world how to utilize a skillset such as this is easily one of the most inspiring instructional series I've ever come across. Even with the slight language barrier due to your accent, your charisma makes it non-existent, not to mention your command of the English language is incredible. You are one of the most professional human beings I've ever wanted to follow in my life. You are a testament to the aphorisms of following your heart no matter what and you will succeed. Of the 100's of videos I've watched in my pursuit of all things network security - I not only choose yours as #1 hands down - I recommend you to everyone who asks me who the best is for this type of info. While I may not be anybody special - I want to tell you that you have earned my respect as #1 and I am not only happy to follow your guides - I'm even excited to. Keep up the good work man, you are incredible. For what it's worth, I'm super proud of you, you've come a long long way!

As someone who’s recently built a wazuh instance from the ground up - I find it increasingly odd how every security onion video I come across barely mentions it. Very very power tool, with lots of integration capabilities, and rules for active responses. Such a HUGE competent that continues to be glossed over. The wazuh modules API is also very nice and makes it extremely easy to see what’s going on with each of your hosts. All this other stuff is great too… I just don’t understand why people aren’t talking about wazuh / ossec more in these vids lol

Thank you so much I.T Security Labs

Thank you so much. Great video

Great stuff man! ....keep them coming we appreciate you!

Great video.

Absolutely amazing work, keep up the great work u are doing. Can u plz also make a video on how to make alerts against security events using Security Onion? I wonnder if security onion has the capability to generate alerts so the SoC team can immediately tale action on it.

You are pretty good. Like it

thanks man fot this video ;-)

Hi, I really like ur channel, u are doing an amazing job. I am facing an issue while installing securityonion that the installation setup is getting hanged up at SaltStack installation. We would really appreciate if u can make a video highlighting the fix for that issue.

this content is really really good for others as well ;)

very useful video, thank you so much it will save lot of time..

Could you tell me which application you are using for the layout of the network. I don't think it is Visio. BTW - nice job.

Hi I.T Security Labs 👋. I am currently learning security..please made more video about IT Security world.. I am interested in IT Security and want to develop career in IT Security. Thank you!! 😁

I've installed in my home lab security onion on both ESXI and Virtualbox successfully, unfortunately on both platforms kibana is not receiving alerts. I've tried versions 2.3.171 till 2.3.190 but with same problem. My monitor network configuration on virtualbox is host only and dhcp and similar on ESXI. I,m using kali to attack other machines on same network in the lab.Can you suggest what i can try to make this work.

Wow ! Such a great video. I have a couple questions: 1. If I had two VLANS on the switch - one for the router/firewall and switch and servers(vlan100/192.168.100.x address main) to be on and another for APs (vlan200/192.168.200.x). Would I set the VMware IDS to the vlan it is physically connected to or leave it blank ? 2. If this IDS was connected to a second switch which is trunked to the first one which is then trunk connected to the router, would I port mirror on the trunk port of the second switch ?

Do you organize one on-one or group tutoring? Very and educative topics

So why do you want it to be in evaluation mode? is there a differences for eval mode and the standard? Should the vSwitch port that is connected to your physical NIC on your PC be 10gbit on both ends or does that not matter. I mean I would belive it would best to use a 10gbit for IDS and other monitoring features a SIEM requires for maximum throughput of bandwidth? also awesome video, also what is Playbook and the Osquery you selected under the install of Security Onion?

Thank you for this amazing video. I had a question regarding this product, can I install this on the cloud and monitor an organisation and its local servers? Or do I need to deploy it locally. I want to run this on the cloud and use it to monitors local servers, if that is a possibility lot of things can be achieved.

can you help me with the same installation for AWS cloud?

Hi, great vid!. I'm using vmware workstation pro 16. Do I have an option to set the sniffing interface to promiscous mode?

Hello, I have a very old server and it does not support VMware so I mounted CentOS 7 and I am using VMware that brings native, I installed Security Onio as a virtual machine, on the physical machine I have a monitoring port that works fine, I already tried it with wireshark, my problem is that I can't get the traffic to the virtual machine, can you help me?

Hey, i recalled you had a video that showed how you SPAN traffic through pfsense to security onion via VirtualBox, did you take down that video? I would like to reference to it again to setup my security onion. As i currently am using VMware workstation, do not have the same options as VMware Esxi

Thanks for the video. Some feedback, you should explain each stage of why you do what you do. For example - the DNS server. Maybe I'm the noob here, but I always left it to the Google DNS servers. Is there a particular reason you chose the DNS server that you did? Likewise, you are running thru a lot of the steps just to walk thru them. It would be great if you walked us thru the rationale. Thanks.

Thank you for this video. How many tries did it take you to deploy Security Onion? My Security Onion ver2.3 deployment keeps on going into an installation loop meaning the deployment completes then upon first reboot it reinstalls again and this kept on going for more than ten times before I gave up. Now I understand this is bleeding edge but 10 times was my limit. My configuration specs are as follows: 4CPUs, 16GB RAM and 500GB HD (set to fixed instead of dynamic allocation) and deploying this in Virtualbox.

Hello, can you share your architecture diagram on git our google drive.

What ip should i give to my onion ?

Have you had any luck getting syslog into it? I had no issues on setup 2.3.1 and 2.3.2 but cannot seem to get any syslog into it. Seems like the logs are reaching the security onion server as seen on tcpdump but they are not being displayed in Kibana

I used NAT for adapter 1 and Bridge (Allow All) 2nd adapter for my Security Onion. For web access I chose IP address and I have "so-allowed" my host machine IP address but I can't access security Onion webpage. Please what am I doing wrong? Send help

how useful is the IDS this if most or all of the traffic is encrypted?

I am using Vmware fusion and done with the install of eval version. But cannot get to the web GUI of the security onion Any ideas?

Does your dell server have two physical Nics?

You started this playlist with instructions on installing Pfsense virtually and recommended we install it virtually but in this video you are giving instructions on how to set up Sec Onion from a setup which has Pfsense installed physically. This is very confusing.

Seems like it is running, but no alerts in SO. I think I am fuzzy on: the lack of alerts does this is indicate there is something wrong with the installation/mirroring for SO, or are the alerts something that need to be configured. I installed 2.4.20 on an Esxi 8 Great series! I so appreciate all of these videos.

Buddy of mine installed and said it was missing events