Thanks for your kind words!

You're welcome!

You will need some kind of web browser whether its inside the Security Onion Desktop or on some other machine. If you have further questions or problems, please start a new discussion at securityonion.net/discuss. Thanks!

The alerts are real. If you have further questions or problems, please start a new discussion at securityonion.com/discuss. Thanks!

@@security-onion OK, how do I find the corresponding computers or devices? Only IP addresses are displayed but no MAC addresses.

You may be able to find MAC addresses by pivoting to PCAP and then opening that PCAP in Wireshark or some other PCAP utility. However, depending on how you're monitoring traffic, the MAC addresses shown may not actually be the MAC addresses of the actual endpoints. For this reason, most folks focus on IP addresses rather than MAC addresses. Depending on your network, you may be able to correlate an IP address to an actual device via DNS, DHCP, or other means. If you have further questions or problems, plese start a new discussion at securityonion.com/discuss rather than replying here on KZbin. Thanks!

You can try it, but we do not recommend or support it. If you have further questions or problems, please start a new discussion at securityonion.net/discuss