Installing SecurityOnion in Yandex Cloud

SecurityOnion

Security Onion is a Linux distribution designed for security monitoring, incident detection, and network traffic analysis. It integrates a variety of network security tools, including intrusion detection systems (IDS), anomaly detection systems (ADS), security analysis systems, log collection and analysis tools, and many others. Security Onion provides powerful monitoring and analysis capabilities for organizations looking to improve their protection against cyber threats.

Installing SecurityOnion (SO) in Yandex Cloud

Before you can begin installing SecurityOnion, you must create a virtual machine from a pre-built image.

Input parameters

CPU cores    10
Memory       20 GB
Disk size    256 GB
NICs         2

The table shows the minimum values only!
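As an added example that is not part of the original walkthrough, the POSIX shell script below checks a freshly created Linux VM against the minimum values in the table before the installer is started. The thresholds are the table's; the probe commands, function names and the assumption that the installer's target filesystem is / are this example's own.

```shell
#!/bin/sh
# Preflight sizing check for a Security Onion standalone VM. The minimums
# (10 cores, 20 GB RAM, 256 GB disk, 2 NICs) come from the walkthrough's
# table; the probes and function names are this example's assumptions.

MIN_CPU=10
MIN_MEM_GB=20
MIN_DISK_GB=256
MIN_NICS=2

# Pure comparison, so it can be checked without a real VM. Arguments:
# cores mem_gb disk_gb nics. Prints each shortfall and returns 1 if any.
so_meets_minimum() {
    c=$1; m=$2; d=$3; n=$4
    rc=0
    [ "$c" -ge "$MIN_CPU" ]     || { echo "CPU cores: $c < $MIN_CPU"; rc=1; }
    [ "$m" -ge "$MIN_MEM_GB" ]  || { echo "Memory: $m GB < $MIN_MEM_GB GB"; rc=1; }
    [ "$d" -ge "$MIN_DISK_GB" ] || { echo "Disk: $d GB < $MIN_DISK_GB GB"; rc=1; }
    [ "$n" -ge "$MIN_NICS" ]    || { echo "NICs: $n < $MIN_NICS"; rc=1; }
    return "$rc"
}

# Probes for a Linux VM (standard /proc and /sys paths). Each falls back
# to 0 if its source is unavailable, so the report still prints.
so_probe_cpu()     { nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 0; }
so_probe_mem_gb()  { awk '/^MemTotal:/ { printf "%d\n", $2 / 1048576 }' /proc/meminfo 2>/dev/null || echo 0; }
# Assumes the installer's target filesystem is /; column 2 of df -Pk is total 1K blocks.
so_probe_disk_gb() { df -Pk / 2>/dev/null | awk 'NR == 2 { printf "%d\n", $2 / 1048576; f = 1 } END { if (!f) print 0 }'; }
# Interfaces minus loopback: one is needed for management, at least one for monitoring.
so_probe_nics()    { ls /sys/class/net 2>/dev/null | grep -v '^lo$' | wc -l | tr -d ' '; }

so_preflight() {
    cpu=$(so_probe_cpu); mem=$(so_probe_mem_gb); disk=$(so_probe_disk_gb); nics=$(so_probe_nics)
    echo "Detected: $cpu cores, $mem GB RAM, $disk GB disk, $nics NICs (loopback excluded)"
    if so_meets_minimum "$cpu" "$mem" "$disk" "$nics"; then
        echo "OK: meets the walkthrough's minimum sizing"
    else
        echo "WARN: below minimum; the installer may fail or the sensor may drop traffic"
    fi
}

so_preflight
```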

Configure the virtual machine with the required parameters and connect to it over SSH. Once the SSH connection is established, the installer window should open.

Press “yes” and proceed to the next step.

The next screen asks you to select the type of installation.

To simplify the process, select Standalone mode. For more information on the available installation types, please refer to the official documentation.

Select it and proceed to the following screen.

Read the license, and if everything is acceptable, type “AGREE” and move on.

The next step is to set the hostname (not the FQDN).

The next step is optional and can be skipped.

At this point we have everything in place, so select Yes and move on to the next step. Read the warning about DHCP carefully and accept the risks.

Then select the management interface; choose the first one in the list.

This interface will provide access to the web interface.

⚠️ Attention! The vendor recommends using a VPN to access the web interface.

Select it and go to the next screen. If you are not using a proxy server, select Direct and continue.

If you are not sure, just select Yes and move on; this is usually more than enough.

On the next screen you need to select the interface or interfaces to monitor.

In my case I used the space bar to select the second interface I have.

Next you need to create a user for the web interface and set a password. There are no strict email requirements for the admin account; click OK.

Choose a strong password that complies with current password standards and your organization’s security policy.

Once the user and password are set, we move on to choosing how the web UI will be accessed.

If you have a fully internal network, select IP or HOSTNAME.

In my case I chose OTHER and entered the public IP of the virtual machine. The developers do not guarantee that this will work or that it will not change in the future. It is better to use a private IP together with a VPN.

Next, allow access to the web UI. Just select Yes, and on the next screen enter the IP address or subnet that will be allowed access.

I allowed everyone to access the web UI from all subnets.

Check everything entered in the previous steps, and if it is all correct, select Yes.

The installation and configuration of SecurityOnion will begin. The process itself can take up to 2 hours, depending on your particular virtual machine configuration.

For example, on a virtual machine with 10 vCPUs, 20 GB RAM and a 256 GB disk, installation and configuration took 1 hour and 30 minutes.

After a successful installation you should see a notification. This completes the installation, and you can log in to the web interface with your username and password.