Set up Security Onion 2.4 as a full single-node SOC with Zeek, Suricata, ELK, dashboards, full packet capture (PCAP), and case management, all in one VM. In this step-by-step tutorial we install Security Onion from the official ISO, explore the SOC interface, generate alerts, investigate them in Hunt, and walk through a quick alert-to-case workflow. Whether you're building a homelab SOC or testing a professional detection pipeline, this guide gives you everything you need to get started.

Guide & Commands
GitHub Guide:
Security Onion Docs:

Requirements
- 8 CPU cores
- 16 GB RAM
- 200 GB SSD
- Two NICs:
  - eth0 = management (HTTPS web interface; the setup wizard asks for the analyst IP range allowed to reach it, so keep that range tight)
  - eth1 = monitoring (SPAN/TAP; no IP address, left in promiscuous mode for capture)

Chapters
00:00 – Intro
00:32 – Network Setup Overview (eth0/eth1 + hardware)
00:57 – Downloading the ISO & Creating the VM
01:27 – Installing Security Onion (ISO Installer)
02:03 – Running the Setup Wizard
04:29 – Verifying the Installation (so-status)
04:47 – Accessing the SOC Web Interface
05:10 – Exploring SOC: Alerts, Hunt, Cases, Dashboards
06:36 – Full Detection Workflow (Alert -> Hunt -> Case)
08:24 – Summary & Next Steps
08:31 – Outro

If this helped, please like the video, subscribe, and let me know in the comments what you want next.

Docs
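The verification and alert-generation steps from the chapter list (so-status check, monitoring NIC check, test alert), as an added shell script that is not part of the video, its GitHub guide, or the Security Onion project. It assumes the page's eth0/eth1 layout (MON_IF overrides the monitoring NIC name), that so-status prints one container per line ending in a bracketed status such as "[  OK  ]" (an assumption about the output format; adjust the pattern if your version differs), and it uses the standard testmyids.com fetch, whose HTTP reply matches the GPL ATTACK_RESPONSE "id check returned root" rule. The test alert must be generated from a host whose traffic crosses the SPAN/TAP; a curl from the Security Onion box itself leaves via the management NIC and is only seen if that traffic is mirrored too.

```shell
#!/bin/sh
# Post-install sanity check for a Security Onion 2.4 standalone node.
# Added example for this page; not part of Security Onion or the video's guide.
# Assumptions: eth1 is the monitoring NIC (override with MON_IF), and so-status
# prints one container per line ending in a bracketed status like "[  OK  ]".

MON_IF="${MON_IF:-eth1}"

# Read so-status output on stdin; succeed only if every bracketed status is OK.
# Banner lines without a bracketed status are ignored.
so_status_healthy() {
  bad=$(grep -E '\[[^]]*\]' | grep -vE '\[ *OK *\]' || true)
  if [ -n "$bad" ]; then
    printf 'Unhealthy containers:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# IFF_PROMISC is bit 0x100 of /sys/class/net/<if>/flags (a hex string).
flag_has_promisc() {
  dec=$(printf '%d' "$1")
  [ $(( dec & 256 )) -ne 0 ]
}

promisc_on() {
  flag_has_promisc "$(cat "/sys/class/net/$1/flags")"
}

rx_packets() {
  cat "/sys/class/net/$1/statistics/rx_packets"
}

# Succeed if the second counter sample is larger than the first,
# i.e. the interface actually received packets between the samples.
rx_increased() {
  [ "$2" -gt "$1" ]
}

run_checks() {
  echo "[*] container status (so-status needs root)"
  out=$(sudo so-status) || return 1
  printf '%s\n' "$out" | so_status_healthy || return 1

  echo "[*] monitoring interface $MON_IF"
  promisc_on "$MON_IF" || echo "WARN: $MON_IF is not in promiscuous mode"
  a=$(rx_packets "$MON_IF")
  sleep 5
  b=$(rx_packets "$MON_IF")
  rx_increased "$a" "$b" || { echo "ERR: no packets on $MON_IF in 5 s; check the SPAN/TAP feed"; return 1; }

  echo "[*] all node checks passed"
  echo "Now, from a host whose traffic crosses the SPAN/TAP, run:  curl -s http://testmyids.com"
  echo "then open SOC > Alerts and look for 'GPL ATTACK_RESPONSE id check returned root'"
}

# Live checks run only when invoked as:  sh so-check.sh run
if [ "${1:-}" = "run" ]; then
  run_checks
fi
```

From the alert row in SOC, the same workflow the video shows applies: pivot to Hunt on the source and destination IPs to see the matching Zeek conn/http records and PCAP, then escalate the alert to a case.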











