Setting up Security Onion on VirtualBox

How to Install Security Onion on VirtualBox: A Step-by-Step Guide

Building a personal cybersecurity lab is one of the most effective ways to sharpen your defensive skills. A powerful, free, and open-source tool for this purpose is Security Onion, a comprehensive platform for threat hunting, network security monitoring (NSM), and log management. By running it in a virtual machine using VirtualBox, you can create a safe, isolated environment to learn and experiment without needing dedicated hardware.

This guide will walk you through the entire process of setting up a fully functional Security Onion instance inside VirtualBox, from initial configuration to your first login.

What You’ll Need Before You Start

To ensure a smooth installation, gather these components first:

  • Oracle VM VirtualBox: Download and install the latest version of VirtualBox and its corresponding Extension Pack.
  • The Official Security Onion 2 ISO: Head to the official Security Onion website and download the latest stable ISO image file.
  • A Capable Host Machine: Virtualization is resource-intensive. Ensure your computer has enough power to handle both your host operating system and the Security Onion virtual machine.

Recommended System Requirements

Security Onion is a powerful suite of tools, and it requires adequate resources to run effectively. While minimums exist, for a responsive and useful lab environment, we strongly recommend allocating the following to your virtual machine:

  • CPU: 4 CPU Cores
  • RAM: 12 GB or more
  • Storage: 200 GB of free disk space

Pro Tip: Always allocate more resources than the bare minimum if you can. Under-resourcing your VM is the most common cause of poor performance and installation failures.

The Installation Process: A Detailed Walkthrough

Follow these steps carefully to configure and install your virtual security lab.

Part 1: Creating Your Virtual Machine in VirtualBox

First, we need to create the virtual “hardware” where Security Onion will live.

  1. Open VirtualBox and click the “New” button.
  2. Name: Give your VM a descriptive name, like Security Onion 2.
  3. Type: Select Linux.
  4. Version: Choose Red Hat (64-bit) or Oracle (64-bit). Security Onion is based on CentOS/Rocky Linux, so these profiles work well.
  5. Memory Size: Allocate at least 12288 MB (12 GB) of RAM.
  6. Hard Disk: Select “Create a virtual hard disk now” and click Create.
  7. Hard Disk File Type: Choose VDI (VirtualBox Disk Image).
  8. Storage on Physical Hard Disk: Select “Dynamically allocated” for efficiency.
  9. File Location and Size: Set the virtual hard disk size to at least 200 GB.

Part 2: Configuring Critical VM Settings

Before starting the VM, we need to fine-tune its settings for optimal performance and functionality. Select your newly created VM and click the “Settings” button.

  1. System -> Processor: Increase the Processor(s) count to 4.
  2. Display -> Screen: Set the Video Memory to the maximum possible (e.g., 128 MB).
  3. Storage: This is where you mount the installer.
    • Click on the “Storage” tab.
    • Under the “Controller: IDE” section, click on the empty CD icon.
    • On the right-hand side, click the small CD icon and select “Choose a disk file…”.
    • Navigate to and select the Security Onion ISO file you downloaded.
  4. Network: This is the most crucial configuration step for a functional security lab. We will configure two network adapters.
    • Adapter 1 (Management): This adapter is for accessing the Security Onion web interface.
      • Enable the adapter.
      • Set “Attached to” to NAT or Bridged Adapter. NAT is simpler, while Bridged places the VM on your home network like a separate physical device.
    • Adapter 2 (Monitoring): This adapter will listen to network traffic for analysis.
      • Click the “Adapter 2” tab and check “Enable Network Adapter”.
      • Set “Attached to” to Bridged Adapter and select the primary network interface of your host machine (e.g., your Wi-Fi or Ethernet card).
      • Expand the “Advanced” section.
      • Set Promiscuous Mode to “Allow All”. This is mandatory for the IDS/IPS to see all network traffic, not just traffic destined for the VM.

Click “OK” to save all your settings.
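The same VM can be built from the command line instead of clicking through the dialogs. The script below is an added example, not part of the original guide: it drives VBoxManage, VirtualBox's own CLI, to carry out Parts 1 and 2 (4 CPUs, 12 GB RAM, a 200 GB dynamically allocated VDI, the ISO on the IDE controller, a NAT management adapter and a bridged monitoring adapter with promiscuous mode set to allow all). The VM name, ISO path, disk path and host interface name are placeholders supplied through environment variables; by default it only prints the commands it would run, and DRY_RUN=0 makes it execute them.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): create the Security Onion VM with VBoxManage.
# All names and paths below are placeholders; override them via environment variables.
set -euo pipefail

VM_NAME="${VM_NAME:-Security Onion 2}"
SO_ISO="${SO_ISO:-${HOME:-/tmp}/Downloads/securityonion.iso}"         # placeholder ISO path
DISK_PATH="${DISK_PATH:-${HOME:-/tmp}/VirtualBox VMs/$VM_NAME/$VM_NAME.vdi}"
HOST_NIC="${HOST_NIC:-eth0}"          # host interface to bridge for monitoring (placeholder)
CPUS=4
RAM_MB=12288                          # 12 GB, as recommended above
DISK_MB=204800                        # 200 GB, dynamically allocated
VRAM_MB=128
WEB_FWD_PORT="${WEB_FWD_PORT:-8443}"  # host port forwarded to the guest's web UI on 443
DRY_RUN="${DRY_RUN:-1}"

# Print the full VBoxManage sequence, one command per line.
so_vm_plan() {
  cat <<EOF
VBoxManage createvm --name "$VM_NAME" --ostype RedHat_64 --register
VBoxManage modifyvm "$VM_NAME" --cpus $CPUS --memory $RAM_MB --vram $VRAM_MB --boot1 dvd --boot2 disk
VBoxManage createmedium disk --filename "$DISK_PATH" --size $DISK_MB --format VDI --variant Standard
VBoxManage storagectl "$VM_NAME" --name "SATA" --add sata --controller IntelAhci
VBoxManage storageattach "$VM_NAME" --storagectl "SATA" --port 0 --device 0 --type hdd --medium "$DISK_PATH"
VBoxManage storagectl "$VM_NAME" --name "IDE" --add ide
VBoxManage storageattach "$VM_NAME" --storagectl "IDE" --port 0 --device 0 --type dvddrive --medium "$SO_ISO"
VBoxManage modifyvm "$VM_NAME" --nic1 nat --natpf1 "so-web,tcp,127.0.0.1,$WEB_FWD_PORT,,443"
VBoxManage modifyvm "$VM_NAME" --nic2 bridged --bridgeadapter2 "$HOST_NIC" --nicpromisc2 allow-all
EOF
}

# Run the plan, or just show it when DRY_RUN=1 (the default).
so_vm_create() {
  if [ "$DRY_RUN" = "1" ]; then
    so_vm_plan
    return 0
  fi
  command -v VBoxManage >/dev/null 2>&1 || { echo "VBoxManage not found in PATH" >&2; return 1; }
  [ -f "$SO_ISO" ] || { echo "ISO not found: $SO_ISO" >&2; return 1; }
  # Each line is a complete command; eval re-parses the quoting around paths with spaces.
  so_vm_plan | while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd"
  done
}

# Usage: DRY_RUN=0 HOST_NIC=eth0 SO_ISO=/path/to/securityonion.iso ./create-so-vm.sh
so_vm_create
```

The NAT line adds a port-forwarding rule because a plain NAT adapter is not reachable from the host: with it in place the web interface from Part 4 is at https://127.0.0.1:8443 on the host rather than at the VM's own address, and the guest sees that connection coming from VirtualBox's NAT gateway, so that address must be one you allow for analyst access during setup. If you prefer the Bridged option for Adapter 1, drop the `--natpf1` argument and use `--nic1 bridged --bridgeadapter1 "$HOST_NIC"` instead.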

Part 3: Running the Security Onion Installer

Now you are ready to boot up the VM and install the software.

  1. Select your VM and click “Start”.
  2. The VM will boot from the ISO. When prompted, select the option to install Security Onion.
  3. You will be dropped into a command-line interface. Log in with the username securityonion and the password onion.
  4. Double-click the “Install Security Onion” icon on the desktop to launch the setup wizard.
  5. Choose your installation type. For a comprehensive lab, select STANDALONE. The EVAL mode is lighter but has fewer features and retains less data.
  6. Follow the on-screen prompts to confirm settings, create your administrator account (be sure to use a strong, memorable password), and configure the network interfaces.
  7. The installer will partition the disk and install all the necessary components. This process can take a significant amount of time, so be patient.
  8. Once completed, the system will prompt you to reboot.

Part 4: Accessing Your Security Onion Console

After the VM reboots, remove the installation ISO by going to Devices -> Optical Drives -> Remove disk from virtual drive.

Your Security Onion instance is now running. To access the web interface:

  1. Log into the VM’s command line with the admin credentials you created during installation.
  2. Run the command so-status to check that all services are running correctly. This command will also display the IP address for the web interface.
  3. Open a web browser on your host machine (not inside the VM) and navigate to the IP address shown (e.g., https://192.168.1.123).
  4. You will likely see a browser warning about a self-signed certificate. This is normal. Proceed to the site.
  5. Log in with the administrator credentials you created.

Congratulations! You now have a powerful, fully operational network security monitoring platform ready for you to explore. You can start analyzing alerts, hunting for threats, and diving deep into the rich data collected by industry-standard tools like Suricata, Zeek, and Wazuh. To see it in action, connect another VM to the same network and generate some traffic for Security Onion to analyze.

Source: https://kifarunix.com/install-and-setup-security-onion-on-virtualbox/
