Monitor your home network

This post is going to show how I set up a home virtual machine to monitor my home network. I am going to show what I used and maybe some helpful tips that I found. This will lead to future posts on dashboards, Linux and more. Grab some coffee and let's get started…

My device

  • HP Spectre i7
  • 16 GB RAM
  • Windows 10

After installing VirtualBox, select New. First, make sure you are in Guided Mode; I found this easier for me. The button at the bottom should say Expert Mode. Next, name your machine. I got creative and named mine SecurityOnion. Feel free to get crazy and name it whatever you like. The type (operating system) will be Linux and the version is Ubuntu 64-bit. Next is RAM for the machine. Security Onion documentation suggests 12 GB. I would do some research on how this affects your host machine. I gave mine 10 GB. I have not seen this have any negative effects on the performance of the VM. Then you will create a virtual hard disk. Select the radio button for VDI. Next, select Dynamically allocated. I would do some research on this also; it is just a nice topic to know. The next step is the size of the virtual hard disk. I gave mine the suggested amount of 200 GB.

Great job!! Now we have to mount the Security Onion ISO file and add some settings to the VM. Select your VM and click on Settings. In the Storage tab, click on “Empty.” On the far right there is a CD icon with a down arrow; click on that and select “choose a disk file.” Then select the Security Onion ISO file that you downloaded with the link above.

In the System settings, change the processor count to 4 for increased performance. Change the video memory in the Display settings to 128 MB. Next, add some convenient copy and paste action in the Advanced tab under General by changing the Shared Clipboard setting to Bidirectional.

Now the network adapter needs to be edited in the Network tab. Under Adapter 1, change the first setting to Bridged Adapter. This will allow the VM to see activity from your host machine. This is another topic to do some research on. There are a lot of options here, and maybe that can turn into another post later. In the advanced section, by the blue arrow, change Promiscuous Mode to “Allow All,” so the adapter passes the VM traffic that is not addressed to the VM itself.

Now you are ready to start the VM. I am going to set out the Security Onion configuration in list form below. I feel like this will be quicker and easier to read.

Security Onion Configuration

  • create user
  • reboot and sign in
  • standalone version
  • type “agree”
  • choose standard and name your machine (use anyway if you named it SecurityOnion)
  • select the first NIC
  • DHCP and yes
  • OK
  • Direct
  • add NIC and choose automatic updates
  • use your home network settings (ipconfig in host cmd)
  • basic, Suricata and ETOPEN
  • install all components
  • keep default docker id
  • email address and password for logging into web interface
  • basic
  • no extra Suricata processes and no NTP servers
  • nodebasic
  • yes allow web tools
  • allow entire home subnet and yes
  • reboot

Take note of the IP. If you didn’t record it, it will also show when you start the VM. This will take a while, so maybe get a refill of coffee or maybe a cold beer by now.
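The steps “use your home network settings (ipconfig in host cmd)” and “allow entire home subnet” both depend on reading the right adapter from `ipconfig`. As an added example (not part of the original post), this Python script parses a constructed sample of `ipconfig` output and derives the home subnet in CIDR notation, skipping adapters that have no default gateway, such as the host-only adapter VirtualBox installs. The adapter names and addresses in the sample are made up.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output on a Windows host with VirtualBox installed.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# Matches the three IPv4 fields; an empty value (no gateway) yields an empty group.
FIELD = re.compile(r"^\s+(IPv4 Address|Subnet Mask|Default Gateway)[ .]*:\s*([\d.]*)")

def parse_adapters(text):
    """Return {adapter name: {field: value}} for each adapter section."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m and m.group(2):
                current[m.group(1)] = m.group(2)
    return adapters

def home_subnets(text):
    """CIDR of every adapter that has an IPv4 address, mask and default gateway."""
    result = {}
    for name, f in parse_adapters(text).items():
        if {"IPv4 Address", "Subnet Mask", "Default Gateway"} <= f.keys():
            iface = ipaddress.ip_interface(f"{f['IPv4 Address']}/{f['Subnet Mask']}")
            result[name] = str(iface.network)
    return result

if __name__ == "__main__":
    for name, cidr in home_subnets(SAMPLE_IPCONFIG).items():
        print(f"{name}: allow {cidr}")
```

To use it on your own host, replace the sample with the text of a real `ipconfig` run; only the subnet of the adapter that actually routes to your home gateway belongs in the allow list.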

Let me know how this works for you. Did you run into any issues? Did you find some tips along the way? Comment below or message me on LinkedIn.