Security Onion
The Security Onion app helps you to collect log data from popular open-source threat hunting and security monitoring solutions. You can use the provided Resource Sets to find and alert on unexpected or possibly malicious activity.
What type of data does Security Onion ingest?
The Security Onion app collects data directly from logs on the Security Onion node:
To ingest these resources, first create a token, then run the Linux Host Monitoring configuration script with the securityonion option. For more about exploring this data, see View Security Onion data in Observe.