Oracle Linux-based Security Onion 2.4.210 launches with Onion AI local model support

Originally based on Xubuntu 10.04, Security Onion has been around since 2009. This free and open Linux distribution for threat hunting, enterprise security monitoring, and log management is now based on Oracle Linux, and its latest update, labeled 2.4.210, was released yesterday.
The update brings major improvements to the popular new Onion AI Assistant, which is available only to Security Onion Pro customers. Because local model support has been on many users' list of requirements, this release allows a local model with an OpenAI-compatible endpoint to be connected to the assistant. For more information about Onion AI, those interested should check out this webpage.
The list of updated components, alongside new features and various fixes, includes the following:
- Zeek 8.0.6.
- Elasticsearch 9.0.8.
- Docker 29.2.1.
- Saltstack 3006.19.
- Graphs and charts added to the AI Metrics page.
- Shows context used on each request/response pair.
- The ISO base image is now Oracle 9.7.
- Pcapfix 1.1.7.
- Added support for default user roles.
Obviously, the items mentioned above are just a smattering of what this release has to offer. The in-depth list of features and fixes is available on this page.
While Security Onion is a free and open platform, it comes with enterprise features that are only available to paid users. The Onion AI Assistant is the latest addition to the list of such features, alongside older ones such as Reports, Active Query Management, and many others. More details on Security Onion Pro and its features can be found right here.









