Security Onion 🧅​

@securityonion@infosec.exchange
2K Followers
0 Following
616 Posts

Peel back the layers of your network and make your adversaries cry!

Free platform for threat hunting, enterprise security monitoring, and log management.

Questions: http://securityonion.net/discuss

Websitehttps://securityonion.net
Bloghttps://blog.securityonion.net
Docshttps://securityonion.net/docs
YouTubehttps://securityonion.net/youtube
Traininghttps://securityonionsolutions.com/training
Applianceshttps://securityonionsolutions.com/hardware
Security Onion 🧅​4d ago
Security Onion 🧅​4d ago

Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!

https://blog.securityonion.net/2025/06/security-onion-24160-now-available.html

Show threadSecurity Onion 🧅​4d ago

Shoutout to @chrissanders88 for his work on the Human-Centered Investigation Playbook standard!

https://chrissanders.org/2025/06/human-centered-playbooks/

https://chrissanders.org/hcip/Human-Centered%20Playbook%20Standard%20v1.0.pdf

Security Onion 🧅​4d ago
Show threadChris Sanders 🔎 🧠4d ago
Playbooks don't replace or restrict analysts; however, they can help them perform more thorough investigations. Creating and using them also serves as an excellent learning tool. I hope this standard and its adoption will help folks along that path. #SOC #DFIR
Security Onion 🧅​4d ago
Show threadChris Sanders 🔎 🧠4d ago
Analysts derive playbooks through inductive reasoning processes. The process is often as valuable as the result. We needed a way to express those cleanly and effectively, supporting analyst cognition.
Security Onion 🧅​4d ago
Show threadChris Sanders 🔎 🧠4d ago
Analysts encounter common scenarios (cues) across diverse investigations based on the evidence they encounter and their forecasting of potentially related events. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.
Security Onion 🧅​4d ago
Show threadChris Sanders 🔎 🧠4d ago
Better yet, the folks at Security Onion have integrated the standard into their platform and released a new guided investigation feature today. Every alert in Security Onion will now have linked investigation playbooks you can work from.
Security Onion 🧅​4d ago
Chris Sanders 🔎 🧠4d ago
If you've taken my Investigation Theory course, then you're familiar with my Human-Centered Investigation Playbooks. I'm excited to share that I'm releasing that standard publicly today. You can read about it here: https://chrissanders.org/2025/06/human-centered-playbooks/
Security Onion 🧅​4d ago

Security Onion 2.4.160 now available including Playbooks, Guided Analysis, MCP Server, and more!

https://blog.securityonion.net/2025/06/security-onion-24160-now-available.html

Security Onion 🧅​Jun 19
Security Onion 🧅​Jun 18

We've got a new AI-powered Playbooks feature coming in Security Onion 2.4.160 that will turbocharge your analysis and incident response!

https://youtu.be/SLGRB3PxB-o

Sneak Peek: Security Onion Playbooks

YouTube
Security Onion 🧅​Jun 18

We've got a new AI-powered Playbooks feature coming in Security Onion 2.4.160 that will turbocharge your analysis and incident response!

https://youtu.be/SLGRB3PxB-o

Sneak Peek: Security Onion Playbooks

YouTube