• Last Updated
    Jan 20, 2026
  • Version
    1.0.0
  • Compatibility
    ThreatQ >= v5.29.0
    Security Onion CDF

    ThreatQuotient

    Overview

    The Security Onion CDF integration ingests alerts, detections, and their associated context from Security Onion into ThreatQ. The integration enables analysts to correlate Security Onion alert data with threat intelligence stored in ThreatQ.

    The integration provides the following feed:

    • Security Onion Alerts – retrieves alert and detection data from Security Onion and ingests them as Events and Signatures, along with Indicators and Assets as applicable.

    The integration ingests the following object types:

    • Assets
    • Events
    • Indicators
    • Signatures

    Copyright © 2026, ThreatQuotient, Inc. All Rights Reserved.