Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
The following Suricata metadata parsers need to be updated to change dataset to event.dataset:
suricata.fileinfo
suricata.flow
suricata.krb5
suricata.tls
The following Suricata metadata parsers need to be updated to change
dataset
toevent.dataset
: suricata.fileinfo suricata.flow suricata.krb5 suricata.tls