Before configuring the lab, download and install VMware Workstation Pro.
Note: we need a beefy system to build this lab, with at least 16GB RAM.
- Security Onion is an open source threat hunting, network security monitoring and log management tool, or SIEM tool.
LINK : https://securityonionsolutions.com/
- Download the latest Security Onion ISO file from the GitHub page below.
LINK : https://github.com/Security-Onion-Solutions/securityonion/blob/master/VERIFY_ISO.md
- To set up Security Onion in VMware, refer to the steps provided in the documentation below.
LINK : https://docs.securityonion.net/en/2.3/vmware.html
- Now let's set up the virtual network adapters for the lab. Go to Edit → Virtual Network Editor → click Change Settings. Enable the interfaces as shown below and disable DHCP on all the adapters, as we will be using pfSense to serve DHCP.

- VMNET1 will be the internal network management interface for Security Onion, and VMNET2 will be used as an internal sniffing interface.
- Now go back to the Security Onion hardware settings and enable two network adapters as shown below. (We need to add one more adapter, because by default only one is shown under settings. To do this, under Hardware settings, click Add → Network Adapter.)

- Once the above settings are done, power on Security Onion and it will start the installation process. During installation it prompts for an admin username and password; provide the details. After a while it will prompt for a reboot. Reboot the machine and you will get the welcome screen for the GUI setup.
- In the welcome screen, click YES, and then in the next window select CONFIGURE NETWORK.
- Enter the hostname. Now select the management NIC (press the spacebar to select ens33 and click OK).
- On the next page, select the STATIC IP address option and click OK.
- Now we will set a static IP for Security Onion. Enter the IP as 10.10.10.10/24 and click OK.
- The gateway IP is going to be the pfSense firewall IP, which is 10.10.10.1. Click OK.