« Mininet - An Instant Virtual Network on your Laptop | Main | Kibana - Elastic Search »

Thursday, 28 December 2017

Security Onion - Intrusion Detection and Network Security Monitoring

SecOnion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion is a platform that allows you to monitor your network for security alerts. It’s simple enough to run in small environments without many issues and allows advanced users to deploy distributed systems that can be used in network enterprise type environments. Security Onion has full packet capture, Snort or Suricata rule-driven intrusion detection, Bro event-driven intrusion detection and OSSEC host-based intrusion detection, all running out of the box once you run Security Onion setup. 

This tool is used in the workshops of the CyberSecurity Operations Networking Academy course.

 More informatin below and in https://securityonion.net/

Short description of all the tools within Security Onion: https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion

Security Onion Layers

  • Ubuntu based OS
  • Snort, Suricata
  • Snorby
  • Bro
  • Sguil
  • Squert
  • ELSA
  • NetworkMiner
  • PADS

And Many Other tools…

Snort/Suricata

  • Snort and Suricata are NIDS Engine.

Snort

  • Snort is an open source network intrusion detection and prevention system (IDS/IPS)

Suricata

  • Suricata is a high performance Network IDS/IPS and network Security Monitoring system.

IDS Engines

  • Highly scalable
  • Protocol Identification
  • File Identification
  • MD5 Checksums
  • File Extraction

Snorby

Web frontend of network security’s monitoring.

  • Metrics and reports
  • Classifications
  • Full Packet
  • custom setting
  • Hotkeys

Bro

  • High-level semantic analysis at the application
  • site-specific monitoring policies Sguil
  • It is an analysis console for security’s monitoring
  • Its a powerful for Event analysis, Coreleation and review Squert
  • A web interfaces to query and to view Sguil event data and is a visual tools
  • Bro is a powerful network analysis framework

ELSA

ELSA is a centralized system log framework built on System log-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs as well as email based alerts, scheduled queries, and graphing.

Posted at 02:54 PM in CyberSecurity, Security, Workshop |

| | | Pin It! |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)