Please see the :ref:`trouble-booting` section.
Please see the :ref:`installation` section.
Please see the :ref:`configuration` section.
What if I receive a ``The IP being routed by Linux is not the IP address assigned to the management interface`` error message?
Please see the warning about this in the :ref:`configuration` section.
We only support the English language at this time.
Please see the :ref:`soup` section.
Please see the :ref:`firewall` section.
Please see the :ref:`proxy` section.
No, we only support x86-64 (standard Intel/AMD 64-bit architectures). Please see the :ref:`hardware` section.
Please see the :ref:`passwords` section.
Please see the :ref:`adding-accounts` section.
Please see the :ref:`community-support` section.
Yes, we offer commercial support at https://securityonionsolutions.com.
No, Security Onion does not support blocking traffic. Most organizations have some sort of Next Generation Firewall (NGFW) with IPS features and that is the proper place for blocking to occur. Security Onion is designed to monitor the traffic that makes it through your firewall.
Please see the :ref:`tools` section.
Please see the :ref:`directory` section.
Please see the :ref:`timezones` section.
Please see the :ref:`timezones` section.
In general, Security Onion attempts to make use of as much disk space as you give it. Depending on installation type, it should continue writing data to disk until disk usage reaches 80-90%, at which point it should begin purging old data. Most disk space is used by :ref:`elasticsearch` or by full packet capture written to disk via :ref:`stenographer` or :ref:`suricata`.
Standard network connections to or from Security Onion are encrypted. This includes SSH, HTTPS, :ref:`elasticsearch` network queries, and :ref:`salt` minion traffic. Endpoint agent traffic is encrypted where supported. This includes the :ref:`elastic-agent` which supports encryption with additional configuration. SOC user account passwords are hashed via bcrypt in Kratos and you can read more about that at https://github.com/ory/kratos.
Please see the :ref:`email` section.
Please see the :ref:`bpf` section.
Please see the :ref:`bpf` section.
Please see the :ref:`bpf` section.
Please see the :ref:`firewall` section.
Please see the :ref:`new-disk` section.
Please see the :ref:`pcaps` section.
Please see the :ref:`ntp` section.
Security Onion automatically backs up some important configuration as described in the :ref:`backup` section. However, there is no automated data backup. Network Security Monitoring as a whole is considered "best effort". It is not a "mission critical" resource like a file server or web server. Since we're dealing with "big data" (potentially terabytes of full packet capture) of a transient nature, backing up the data would be prohibitively expensive. Most organizations don't do any data backups and instead just rebuild boxes when necessary.
Filebeat has been replaced by :ref:`elastic-agent`.
Grafana has been replaced by :ref:`grid`.
Playbook has been replaced by :ref:`detections`.
Wazuh has been replaced by :ref:`elastic-agent`.
Please see the :ref:`detections` section.
Please see the :ref:`oidc` section.