Security Onion
@securityonion.bsky.social
By defenders. For defenders.
Peel back the layers of your network and make your adversaries cry.
https://www.securityonion.com
Security Onion 2.4.190 now available including Onion AI Assistant!
Introducing the all-new Onion AI, an advanced LLM-based security analyst assistant, built directly into the Security Onion console.
Designed BY defenders FOR defenders!
October 27, 2025 at 2:49 PM
Security Onion 2.4.180 now available including new features, updated components, and quality of life improvements!
blog.securityonion.net/2025/09/secu...
September 17, 2025 at 9:02 PM
🚨 Security Onion 2.4.170 now available including JA4, more SOC dashboards, and updated components! 🚨
🔍Let's find more hackers! 🔍
If you like Security Onion, please like and share to help spread the word!
blog.securityonion.net/2025/08/secu...
August 12, 2025 at 2:55 PM
Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!
Have you ever had an alert and were unsure of what to do next? In this release, when you expand an alert you'll see a new tab called Guided Analysis.
June 25, 2025 at 6:34 PM
🧅♥️Security Onion 2.4.150: Celebrating Mother's Day with MoM (Manager of Managers) 🧅♥️
Yesterday was Mother's Day and we are very thankful for our mothers!
May 12, 2025 at 5:13 PM
This release also adds a new feature to SOC Config that allows you to move certain configuration entries up or down. This includes things like SOC Dashboard queries, SOC Hunt queries, and SOC Actions:
March 25, 2025 at 1:59 PM
March 25, 2025 at 1:58 PM
The main focus of this release is upgrading Suricata and Zeek.
Suricata 7.0.9 includes some security fixes:
suricata.io/2025/03/18/s...
March 25, 2025 at 1:58 PM
Security Onion 2.4.140 now available including Suricata 7.0.9, Zeek 7.0.6, and much more!
For more details, please see the thread 🧵and the link below!
March 25, 2025 at 1:58 PM
This release includes support for some additional Zeek logs for protocol metadata like NTP and LDAP.
March 11, 2025 at 5:49 PM
Our SOC Configuration interface is now even easier to use, especially for config items like Actions, Dashboard queries, and Hunt queries.
March 11, 2025 at 5:48 PM
SOC Alerts has an advanced interface that provides more data similar to SOC Dashboards. You can now permanently enable that advanced interface using the toggle under the Options menu.
March 11, 2025 at 5:48 PM
Also, we've included ALL Elastic integrations in this release!
March 11, 2025 at 5:48 PM
The main focus of this release is upgrading to Elastic 8.17.3!
March 11, 2025 at 5:48 PM
Security Onion 2.4.130 now available including Elastic 8.17.3 and much more!
Please see thread 🧵below for more details!
March 11, 2025 at 5:47 PM
In addition to the new features above, we've updated several components including:
February 12, 2025 at 6:40 PM
This release includes a new MSI option for deploying the Elastic Agent to your Windows endpoints!
February 12, 2025 at 6:39 PM
This release includes improvements for our ATT&CK Navigator integration! Navigator will now have 4 tabs across the top:
Detections Coverage - All Detections
Detections Coverage - Sigma
Detections Coverage - Suricata
Alerts (Last 3 Days)
Each tab will highlight coverage based on the title of the tab
February 12, 2025 at 6:39 PM
This release includes Zeek 7 and also adds support for analyzing more network protocols like QUIC, HTTP2, OpenVPN, and IPSEC!
February 12, 2025 at 6:39 PM
This release includes a new feature for Security Onion Pro customers! If you have a valid Pro license, you will be able to connect to the Security Onion API from external API clients. This means that you can create cases, pull PCAPs, or acknowledge alerts using automation!
February 12, 2025 at 6:39 PM
This release includes a new local IP lookup feature! This allows you to define local descriptions for important IP addresses in your environment. This is useful for IP addresses that don't have a reverse DNS entry or for when you want to override the reverse DNS entry with a custom value.
February 12, 2025 at 6:38 PM
Over the last few months, we've continued to iterate on our new AI Summary feature to make it available in the Alerts interface without having to pivot to Detections! Directly under the new AI Summary, you can now easily tune your rules right from the Alerts interface!
February 12, 2025 at 6:38 PM
🚨Security Onion 2.4.120 now available including lots of new features and updates! 🚨
For more details, please see 🧵below.
If you like Security Onion🧅, please like and share to help spread the word! Thanks!
February 12, 2025 at 6:37 PM
Our upcoming Security Onion 2.4.120 release includes a new local IP lookup feature!
This allows you to define local descriptions for important IP addresses in your environment.
Security Onion 2.4.120 is coming soon!
January 23, 2025 at 1:39 PM
Our upcoming Security Onion 2.4.120 release includes CyberChef 10.19.4!
Security Onion 2.4.120 is coming soon!
January 21, 2025 at 9:07 PM