Chapter 9

Live traffic analytics using “Security Onion”


Here, we show how to install and use Security Onion open source appliance in combination with probes. With distributed detection of intrusions and centralized logging, we show how real-time detections and post-attack trending may be practically implemented.


Security Onion
intrusion detection
Security Onion is a roll-up distribution of Ubuntu Linux, with many live traffic analytics utilities preinstalled for you. In addition, Security Onion adds a lot of value added linking of tools to make live monitoring possible. Whereas tools like Kali Linux allow you to intentionally scan for vulnerabilities and generate DDoS and penetration attacks, Security Onion is all about ...

Get Network Performance and Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.