Security Onion, a free Linux distribution for threat hunting and security monitoring, has released version 2.4.210 based on Oracle Linux. The update introduces major improvements to the Onion AI Assistant, including support for local models. Several core components have also been upgraded.
Security Onion traces its origins to 2009, when it was initially built on Xubuntu 10.04. Over the years, it has evolved into a platform for enterprise security monitoring, log management, and threat hunting, now running on Oracle Linux.
The latest release, version 2.4.210, arrived yesterday and focuses on enhancing the Onion AI Assistant, a feature exclusive to Security Onion Pro subscribers. A key addition is support for local models via an OpenAI-compatible endpoint, addressing user requests for offline capabilities. More details on Onion AI are available on the project's webpage.
Alongside these AI improvements, the update upgrades several system components: Zeek to version 8.0.6, Elasticsearch to 9.0.8, Docker to 29.2.1, and Saltstack to 3006.19. The ISO base image has moved to Oracle Linux 9.7, and Pcapfix has been updated to 1.1.7. New features include graphs and charts on the AI Metrics page, display of the context for each request/response pair, and support for default user roles.
This release offers a range of fixes and minor tweaks, with a comprehensive list documented on the Security Onion site. While the core platform remains free and open-source, premium features like Onion AI, Reports, and Active Query Management require a Pro subscription. Further information on Security Onion Pro can be found on the official page.