Quick Evaluation using Security Onion ISO image

If you just want to quickly evaluate Security Onion using our ISO image:

  1. Review the Hardware Requirements and Release Notes pages.

  2. Download and verify our Security Onion ISO image.

  3. Boot the ISO image and choose the default boot menu option.

  4. Once the live desktop appears, double-click the Install SecurityOnion icon.

  5. Follow the prompts in the installer. If prompted with an encrypt home folder or encrypt partition option, DO NOT enable this feature. If asked about automatic updates, DO NOT enable automatic updates.

  6. Once the installer completes, reboot into your new installation and login using the username and password you specified during installation.

  7. Double-click the Setup icon to run normal Setup. Alternatively, you can run minimal Setup by opening a terminal (Ctrl-Alt-T) and then typing sudo sosetup-minimal and pressing Enter. The Setup wizard will walk you through configuring /etc/network/interfaces and will then reboot.

  8. After rebooting, log back in and start Setup the same way you did previously (either double-clicking the icon or running sudo sosetup-minimal). It will detect that you have already configured /etc/network/interfaces and will walk you through the rest of the configuration. When prompted for Evaluation Mode or Production Mode, choose Evaluation Mode.

  9. Once you’ve completed the Setup wizard, use the Desktop icons to login to Sguil, Squert, or Kibana.

  10. Finally, review the Post Installation page.