Security Onion Essentials 2.4 - Security Onion Installation, Part 2

  • Published: Oct 1, 2023
  • In this session, Matt Gracie covers part 2 of the installation, which is the Security Onion setup itself.
    Security Onion Essentials 2.4 - Playlist: • Security Onion Essenti...
    If you have questions or problems, please start a new discussion at securityonion.net/discuss

Comments • 26

  • @JSRJS 6 months ago +1

    Very easy. Took me less than 20 minutes to get this up and running and logging in. Great vid

    • @security-onion 6 months ago

      Thanks, glad you like it!

    • @user-kc4jq1em6l 5 months ago +1

      Could you help me please? I tried to install but failed 3 times. Don't know what is going wrong.

    • @security-onion 5 months ago +1

      @user-kc4jq1em6l If you have questions or problems, please start a new discussion at securityonion.net/discuss

    • @DroisKargva 2 months ago

      @user-kc4jq1em6l Let us know exactly where you got stuck. Also, I left a comment on top; take a look, hopefully it helps.

  • @Angry.Hippie 4 months ago +2

    These videos are amazing

  • @user-kc4jq1em6l 5 months ago +1

    4:25 When entering the IP address, do we need to enter my local laptop IP address? Or can we enter the values you are demonstrating?

    • @security-onion 5 months ago

      @user-kc4jq1em6l If you have questions or problems, please start a new discussion at securityonion.net/discuss

  • @hassannaim8844 9 months ago +1

    Why did my installation have a problem? I can't access the web interface even though all of Security Onion's status is running when I run the sudo so-status command.

    • @security-onion 9 months ago

      If you have questions or problems, please start a new discussion at securityonion.net/discuss

  • @ftheilig 9 months ago +5

    7:32 "This is going to take a few minutes..." I'm approaching hour 24 of this process. Time to scrap and try again?

    • @security-onion 9 months ago

      If you have questions or problems, please start a new discussion at securityonion.net/discuss

    • @Zayras7 7 months ago

      I tried installing their ISO on an AMD endpoint, tried other ISOs + manual install, kept running into a variety of different issues.
      I think this only works on their hardware, or other very specific hardware. As for me, until it supports either Ubuntu 20.04 (or newer) or Rocky/Alma Linux 9+ (which it claims it does, but not really when you get to it), I'm going to be passing on this and just going with Wazuh and other monitoring tools.
      Really wanted to give this a chance, but too many issues with just the installation to begin with.

    • @security-onion 7 months ago

      @zayras7 If you have questions or problems, please start a new discussion at securityonion.net/discuss

    • @gjkrisa 7 months ago

      @Zayras7 I noticed I had download issues using Edge/Chrome, not getting the full download. Expect the file size to be around 11 gigs. I had used a download manager that handled it better.

    • @Zayras7 6 months ago

      @gjkrisa Thanks, that wasn't my issue, unfortunately.
      I did end up deploying this on a Proxmox host as the sole VM on that particular host that worked, although it did complain about me using AMD (since I was using host-passthrough) for the CPU.

  • @Cysecsg 10 days ago

    What if I am installing on my laptop and bringing it over to class? In this case, setting a static gateway and IP will not work. How can I resolve that?

    • @security-onion 10 days ago

      If you install Security Onion in a VM, then it can have a static IP address on the virtual network while your host OS has a dynamic IP on whatever network it's connected to. If you have further questions or problems, please start a new discussion at securityonion.com/discuss. Thanks!

  • @Vxrtzs_ 3 days ago

    How is the network traffic collected? According to this? Tap or span port

    • @security-onion 3 days ago

      Security Onion can collect live network traffic from a tap or span port. You can also import past traffic via PCAP files. For more information, please see our documentation at docs.securityonion.net/en/2.4/introduction.html. If you have further questions or problems, please start a new discussion at securityonion.com/discuss. Thanks!

    • @Vxrtzs_ 2 days ago

      @security-onion I mean, based on this setup, is it collecting network traffic from a tap or span port?

    • @security-onion 2 days ago

      Span port. If you have further questions or problems, please start a new discussion at securityonion.com/discuss.

    • @Vxrtzs_ 2 days ago

      @security-onion Thanks for the reply. I posted my problem on the GitHub Security Onion community but didn't get help. I followed all the steps and there are no alerts on the alerts interface, but I can see some detections on the detection interface, hunt and dashboard.
      I restarted the whole process of downloading Security Onion again; let me see how it goes.

    • @security-onion 2 days ago

      Please make sure you read the discussion guidelines at github.com/Security-Onion-Solutions/securityonion/discussions/1720 and be patient. If you don't have responses in a day or two, you may follow up to your discussion but please keep in mind that community support is considered best effort and there are no guaranteed response times.