Security Onion Adds Local AI Support

Security Onion has released version 2.4.210, a major update that adds local model support for its Onion AI feature. This allows for AI-powered threat detection and assistive analytics in-house, providing a new source of enriched alerts that can be integrated into SIEMs like Splunk.

The move to local AI model support in Security Onion 2.4.210, released on March 2, 2026, allows organizations to keep all their data on-premises. This is a significant development for environments with strict data governance or those operating in air-gapped networks, common in DoD settings. To facilitate this, the updated Onion AI Assistant for Security Onion Pro users can connect to any local model that exposes an OpenAI-compatible API endpoint. The release notes also explicitly mention new adapters for Gemini and OpenAI, providing flexibility in the choice of underlying large language models.

This enhancement addresses a key demand from users who require AI-assisted analytics without sending sensitive alert and case data to external cloud services. The system now includes a new AI Metrics page with graphs and charts to monitor the performance and context usage of the connected models.

Beyond the AI updates, the release incorporates several other key component upgrades. These include updates to Zeek 8.0.6, Elasticsearch 9.0.8, Docker 29.2.1, and Saltstack 3006.19, ensuring the underlying platform remains current for threat detection and response.
