Joined September 2012
Security Onion 3.0.0 Now Available with New and Improved Interface and Much More! blog.securityonion.net/2026/…
6
50
207
21,106
DID YOU KNOW? It's possible to enable or disable Suricata NIDS rules in Security Onion using regular expressions -- if you want to turn off all of those ET INFO or TOR alerts, this is an easy way to do it. And the best part is it will apply to new rules that are added to the set in the future. More information here: docs.securityonion.net/en/3/…

Security Onion retweeted
🚀Introducing SO-CRATES 1.0 — Security Onion Containerized Rapid Analysis of Threats, Evil, and Sus!
SO-CRATES is a single container image for analyzing pcap files, log files, and binary files. It was formerly known as OhMyPCAP.
Here's what you can do with SO-CRATES:
✅analyze pcap files and then review Suricata alerts, metadata, and extracted files
✅import log files and then review Sigma alerts and the original log entries
✅import binary files and then review YARA matches and file metadata
All of this runs in a single Docker/Podman container — perfect for air-gapped environments, malware analysis, incident response, threat hunting, forensics & teaching.
Who’s trying it out? Drop a ❤️ and reply with your main use case!
#DFIR #Cybersecurity #BlueTeam #ThreatHunting #Suricata #YARA #Sigma @Suricata_IDS @lennyzeltser @chrissanders88 @sansforensics @TomLawrenceTech
On this day in 2009 the very first release of Security Onion hit the Internet. A lot has changed since then, but it's still the best free and open solution to help you peel back the layers of your network and see what's really happening.
Good morning Charm City! If you're at #AFCEATechnet, come to booth 3242 to see the legendary Michael Stokes and learn about using Security Onion to peel back the layers of your network.
It's time for O's, Bohs, and SO -- Security Onion Solutions is coming to Baltimore! Looking forward to seeing all our friends at #AFCEATechnet in Charm City this week, come see us at booth 3242 to find out how we can help you peel back the layers of your network and make the bad guys cry.
Security Onion 3.1.0 Hotfix 20260528 Now Available! We've released a hotfix to Security Onion 3.1.0 to address issues for deployments with Heavy Nodes or custom Logstash pipelines - please check out this blog post for more information. blog.securityonion.net/2026/…

Our printed documentation book has been updated for Security Onion 3.1 and is available from Amazon now! For those who don't know, we offer a softcover copy of our documentation for the current version of Security Onion via Amazon. All proceeds go to the Rural Technology Fund, and the book comes with a 20% off discount code for our on-demand training and the Security Onion Certified Professional (SOCP) certification exam.
IT'S TIME FOR SOUP! Security Onion 3.1.0 is now available and includes new features, updated components, and many quality-of-life improvements! Get all the details on our blog: blog.securityonion.net/2026/…

DID YOU KNOW? Starting in version 2.4.170, Security Onion Pro users have access to a new type of Security Onion node, the Hypervisor Node. The Hypervisor node uses Linux-native virtualization libraries to run multiple independent SO nodes on a single piece of hardware -- if you have a powerful server that's being underutilized, this allows you to spin up additional nodes on it from inside the Security Onion Console, with no reliance on other virtualization platforms. More information here: docs.securityonion.net/en/2.…

SAVE THE DATE! We will once again be hosting the Security Onion Conference in beautiful Augusta, GA on October 23rd. Registration will open on August 7. Today, we are opening our Call For Presenters (CFP) for the conference. Have you developed a unique use case for Security Onion? Integrated it with other tools? Deployed it in an exciting new environment? We want to hear all about it! blog.securityonion.net/2026/…

ICYMI: Last week we had a webinar with our friends from Garland Technology on using their TAPs and packet brokers along with Security Onion for a holistic view of what's happening on your network. Check it out! youtube.com/watch?v=VvBlag1a…
THURSDAY: Join our Senior Engineer Matthew Gracie, along with Chris Bihary and our friends from Garland Technology, for the webinar "See Everything, Miss Nothing: Enhancing Threat Detection with Complete Packet Visibility and Full Packet Capture". Come learn how Garland TAPs and packet brokers can feed Security Onion to give you full visibility into your network traffic. Register below! events.gcc.teams.microsoft.c…

DID YOU KNOW? Security Onion can be configured to automatically perform reverse DNS lookups to provide hostname information in the SOC interface. Just turn on the "enableReverseLookup" function in Configuration and enjoy!
Security Onion and "Dirty Frag": blog.securityonion.net/2026/…

THROWBACK THURSDAY: Who remembers the name of our original hunting interface from the early days of Security Onion? It was really hard to let it go. #tbt
Security Onion retweeted
🚨ICYMI OhMyPCAP 2.0 released yesterday with LOTS of new features!
💡OhMyPCAP is a FOSS web application for analyzing PCAP files. It uses @Suricata_IDS to generate security alerts and network metadata (DNS, HTTP, TLS, flows). You can then use the beautiful web interface to slice and dice all of that data, extract ASCII transcripts, view per-packet hexdumps, and carve individual streams.
2.0 changes:
☑️streamlined interface
☑️sankey diagrams
☑️hexdump view
☑️airgap/offline compatibility
@NetworkChuck @TomLawrenceTech @TechnoTimLive @tom_doerr your subscribers might enjoy this!
Introducing a new PCAP tool - OhMyPCAP OhMyPCAP is a standalone web application for analyzing PCAP files. View security alerts, browse network metadata (DNS, HTTP, TLS, flows), extract ASCII transcripts, and carve individual streams - all from a single-page UI.
Security Onion retweeted
Just two weeks after the initial release of OhMyPCAP, version 2.0 is here! This new version has TONS of new features including some requested by @chrissanders88 ! #pcap #infosec #cybersecurity #dfir
Security Onion retweeted
Introducing OhMyPCAP 2.0! OhMyPCAP is a standalone web application for analyzing PCAP files. This new version has TONS of new features to give you an even better pcap experience! #pcap #infosec #cybersecurity #dfir
Security Onion and Linux Kernel Copy Fail Vulnerability CVE-2026-31431 blog.securityonion.net/2026/…
