Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, argus, Xplico, tcpreplay, scapy, hping, and many other security tools. The main web site for the project is http://securityonion.blogspot.com/.
The screen captures below were taken from installing the distribution within a VMware Workstation environment. After the initial installation has completed, access a terminal window and execute the following command as root to update the OS:
apt-get update; apt-get dist-upgrade
This process may take some time to download. Once completed, the components of the Security Onion will need to be updated. On the web site, a link is present concerning updates.
The page should have a command that you can copy and paste into a terminal window.
Once all components are updated, a icon should be present on the desktop called Setup. This should launch a configuration wizard.
An advanced or quick setup option should be available.
Below are some of the screens of the setup wizard.
A summary screen should eventually appear.
Back on the desktop, access the Snorby icon.
Log into the web interface of the application.
To view alerts, click on the Events menu option.
In reviewing the details of an alert, a button is available to display the rule that generated the entry.
More options are available via the main menu.
The /etc/snort/snort.conf file may need to be modified to include the IP range on the network in question.
The FAQ section on the web site includes more configuration hints.