What You Need
- 1 Server with 2 network ports
- 1 Other Server To Monitor
- 1 Switch with SPAN capabilities
Note: To set up Security Onion, the minimum specs are 16 GB of RAM, 4 vCPUs, and 200 GB of storage. Another thing to note is that my hardware was too new for the ISO, so I built it on Ubuntu Desktop. However, the project provides a CentOS-based ISO, which I would recommend.
I built a Security Onion server on top of Ubuntu Desktop. I then configured a SPAN port on the switch, feeding my monitoring NIC, to collect all packets going to or from my hypervisor. I put the other port, which the server uses to reach the internet, on a separate subnet to enhance network security. From there, I started setting up and configuring Security Onion tools on my endpoints. The tools I have set up so far include osquery, Salt, FleetDM, and Wazuh. I also configured the firewall to allow the tools' traffic while locking down SSH access.
