Latest News and Updates
2026-03-02
Distribution Release: Security Onion 2.4.210
Doug Burks has announced the release of Security Onion 2.4.210, the latest stable version of the project's Oracle Linux-based distribution designed to perform threat hunting, enterprise security monitoring and log management: "Security Onion 2.4.210 now available with updated components and new features, including local model support for Onion AI. For Security Onion Pro customers, we've made major improvements for our popular new Onion AI Assistant. Many folks have been asking for local model support. If your local model has an OpenAI compatible endpoint, then this release can connect to it. Onion AI is a huge leap forward in leveraging AI to assist you in triaging alerts, working incidents, and tuning your deployment. This release updates several components including: Zeek to 8.0.6, Elasticsearch to 9.0.8, Docker to 29.2.1, Saltstack to 3006.19. This version of Salt has a configuration option minimum_auth_version for the Salt master. By default, this value is set to 3 and only minions on version 3006.12 or later support that version and are able to authenticate with the salt-master service." Continue to the release announcement for more details. Download (SHA256): securityonion-2.4.210-20260302.iso (14,690MB, signature, signing key, pkglist).
About Security Onion
Security Onion is a specialist, security-oriented Linux distribution based on Oracle Linux. It is a free and open platform for threat hunting, enterprise security monitoring and log management. It includes custom interfaces for alerting, dashboards, hunting, PCAP, detections and case management. It also includes other tools, such as osquery (a tool for exploring and monitoring operating system data with SQL queries), CyberChef (a web application for encryption, encoding, compression and data analysis), Elasticsearch (a data search engine), Logstash (a data collection and processing engine), Kibana (a data visualization plugin for Elasticsearch), Suricata (an intrusion detection and prevention system) and Zeek (a software network analysis framework).
Recent Related News and Releases

2025-09-18
Distribution Release: Security Onion 2.4.180
Doug Burks has announced the release of Security Onion 2.4.180, an updated build of the project's Linux distribution designed for threat hunting, enterprise security monitoring and log management: "Security Onion 2.4.180 is now available and includes several new features, updated components and many quality-of-life improvements. Cancel your own long-running SOC query - Security Onion can now alert on offline agents, if you run a query in Security Onion Console (Alerts, Dashboards, Hunt) that takes a long time, you now have the ability to cancel your own query by clicking the X on the spinner animation. Enable static hostname mapping without reverse DNS lookups - you can now enable static hostname mappings without having to enable reverse DNS lookups. This release updates several components including Elastic 8.18.6, Suricata 7.0.12, Zeek 7.0.10. The Elastic and Suricata updates resolve security issues so we highly recommend upgrading. In the recent 2.4.170 release, we added a new hypervisor feature for Security Onion Pro customers. This release improves on that by allowing you to run the hypervisor on a manager." Read the full release announcement for further information. Download (SHA256): securityonion-2.4.180-20250625.iso (14,822MB, signature, signing key, pkglist).
2025-06-25
Distribution Release: Security Onion 2.4.160
Doug Burks has announced the availability of an updated build of Security Onion, a specialist Linux distribution designed for threat hunting, enterprise security monitoring and log management. The new release, version 2.4.160, comes with several new alert response tools: "Security Onion 2.4.160 is now available and includes Playbooks and Guided Analysis to help you more quickly triage and respond to alerts. In this release, when you expand an alert you'll see a new tab called Guided Analysis. This leverages Playbooks to show you plays associated with the alert. These plays include questions which help guide your investigation. Each question has an associated query and the results of that query will be automatically displayed to help you answer the question. This release includes a number of hand-written playbooks that are used at the detection engine (NIDS, Sigma, YARA) and category (e.g. 'ET MALWARE') level. We have also used AI to generate individual Playbooks for all ETOPEN NIDS rules (58k)." Continue to the release announcement for more information and screenshots. Download the installation ISO image from GitHub (SHA256): securityonion-2.4.160-20250625.iso (14,006MB, signature, signing key, pkglist).