Security Onion – IDS (Intrusion Detection System)

Security Onion is a free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes TheHive, Playbook, Fleet, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, Wazuh, and many other security tools.

In the diagram, Security Onion sits in a traditional enterprise network alongside a firewall, workstations, and servers. Used this way it monitors north/south traffic, which lets you detect an adversary entering the environment, establishing command-and-control (C2), or exfiltrating data. In the same scenario it can also monitor east/west traffic, which is where lateral movement between internal hosts shows up. Security Onion can additionally consume logs from the servers and workstations themselves, so you can hunt across network and host logs at the same time in a single interface.
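The two hunts described above, beaconing over north/south traffic and lateral movement over east/west traffic, as an added example that runs offline over Zeek conn.log records (this is illustrative code, not part of Security Onion or Zeek). It assumes the flattened field names Zeek's JSON writer emits (`ts`, `id.orig_h`, `id.resp_h`, `id.resp_p`), the RFC 1918 ranges as "internal", and the thresholds in the function signatures; the log lines are constructed sample data, not a real capture.

```python
"""Hunt over Zeek conn.log records the way you would from Security Onion's
Hunt interface, but offline: classify each flow as north/south or east/west,
then flag periodic outbound connections (C2 beaconing) and one internal host
fanning out to several others on admin ports (lateral movement).
Field names follow Zeek's JSON conn.log; thresholds and the internal
ranges are assumptions for this example."""
import ipaddress
import json
import statistics
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LATERAL_PORTS = {22, 445, 3389, 5985}  # SSH, SMB, RDP, WinRM


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(rec):
    """'east/west' when both endpoints are internal, otherwise 'north/south'."""
    if is_internal(rec["id.orig_h"]) and is_internal(rec["id.resp_h"]):
        return "east/west"
    return "north/south"


def find_beacons(records, min_conns=5, max_jitter=0.2):
    """Outbound flows from one internal host to one external host:port whose
    inter-connection gaps are nearly constant (coefficient of variation at or
    below max_jitter) are reported as possible C2 check-ins."""
    groups = defaultdict(list)
    for r in records:
        if direction(r) == "north/south" and is_internal(r["id.orig_h"]):
            groups[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (orig, resp, port), times in groups.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_jitter:
            hits.append({"orig": orig, "resp": resp, "port": port,
                         "count": len(times), "interval": round(mean, 1)})
    return hits


def find_lateral_movement(records, min_targets=3, window=600):
    """One internal host reaching at least min_targets distinct internal hosts
    on admin ports within `window` seconds is reported once."""
    by_src = defaultdict(list)
    for r in records:
        if direction(r) == "east/west" and r["id.resp_p"] in LATERAL_PORTS:
            by_src[r["id.orig_h"]].append((r["ts"], r["id.resp_h"]))
    hits = []
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {h for t, h in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits.append({"orig": src, "targets": sorted(targets), "first_ts": t0})
                break
    return hits


def load(lines):
    """Parse JSON-per-line conn.log text into dicts."""
    return [json.loads(line) for line in lines if line.strip()]


def _rec(ts, orig, resp, port, proto="tcp"):
    # Constructed record with only the conn.log fields this example uses.
    return json.dumps({"ts": ts, "id.orig_h": orig, "id.orig_p": 50000,
                       "id.resp_h": resp, "id.resp_p": port, "proto": proto})


# Constructed sample log: a 60 s beacon with ~1 s jitter, two ordinary
# browsing connections, an SMB fan-out to three servers, and a DNS lookup.
SAMPLE_CONN_LOG = "\n".join(
    [_rec(1700000000 + 60 * i + (i % 2), "10.1.1.50", "203.0.113.7", 443) for i in range(6)]
    + [_rec(1700000005, "10.1.1.51", "198.51.100.20", 443),
       _rec(1700000900, "10.1.1.51", "198.51.100.20", 443)]
    + [_rec(1700000100 + 30 * i, "10.1.1.50", f"10.1.1.{10 + i}", 445) for i in range(3)]
    + [_rec(1700000010, "10.1.1.51", "10.1.1.5", 53, "udp")]
)

if __name__ == "__main__":
    recs = load(SAMPLE_CONN_LOG.splitlines())
    for hit in find_beacons(recs):
        print("possible C2 beacon:", hit)
    for hit in find_lateral_movement(recs):
        print("possible lateral movement:", hit)
```

Both detections key off the direction split the paragraph describes: the beacon check only considers internal-to-external (north/south) flows, the lateral-movement check only internal-to-internal (east/west) flows. In a real Security Onion deployment the same logic would be expressed as a Hunt query or a Playbook/Sigma rule against the indexed Zeek data rather than a script, and the thresholds would be tuned to the environment.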

A complete installation guide and much more documentation for Security Onion 2.3 is available at the following link: https://docs.securityonion.net/en/2.3/