Security Onion includes the Elastic Stack:
In addition, we’ve added the following:
Each of the components above has its own Docker image.
You can get an idea of what this whole integration looks like at a high-level by viewing our architecture diagram.
- Data Fields
- Alert Data Fields
- Bro Fields
- Elastalert Fields