Implement Security Onion: an open-source Linux distribution for threat hunting, enterprise security monitoring, and log management.

 Dec 2021 - Present

  • Security Onion is a network security monitoring (NSM) system that provides full context and forensic visibility into the traffic it monitors.

  • Designed to make deploying complex open-source tools simple via a single package (Snort, Suricata, Sguil, Snorby, etc.)

  • Having the ability to pivot from one tool to the next seamlessly, it provides the most effective collection of network security tools available in a single package.

  • Allows the choice of IDS engines, analyst consoles, and web interfaces.

  • Free (open source)

    1. Continuous Protection
    2. Features a new web interface called Security Onion Console (SOC) that includes native alert management, threat hunting, and pcap retrieval.
    3. Risk Assessment and Management
       investigation.
    4. Adds TheHive, Strelka, support for Sigma rules, Grafana/InfluxDB (independent health monitoring/alerting), Fleet (osquery management), and Playbook (detection playbook tool).
       • Moves from Ubuntu packages to containers
       • Timely response
    5. Supports both CentOS 7 and Ubuntu 18.04
       • Changes pcap collection tool from netsniff-ng to Google Stenographer
    6. Upgrades to Elastic Stack 7.x and supports the Elastic Common Schema (ECS)
    7. Completely replaces the unsigned kernel module PF_RING with AF_PACKET
    8. Suricata completely replaces Snort. (We may elect to add Snort back after Snort 3.0 is officially released.)
    9. Removes Sguil, Squert, capME, and PHP
    10. Storage Nodes are now known as Search Nodes
       • The first node in a distributed deployment is now called a Manager
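Items 6 and 8 above (Elastic Stack 7.x with ECS, and Suricata as the IDS engine) meet in the ingest path: a Suricata EVE JSON alert has to be normalised onto ECS field names before an analyst can query it consistently in Elastic. The script below is an added illustration, not Security Onion's own ingest pipeline; the EVE record, rule SID 1000001 (local-rule range) and the field mapping are constructed for this example.

```python
import json

# Constructed Suricata EVE JSON alert record (not a real capture).
SAMPLE_EVE_LINE = json.dumps({
    "timestamp": "2021-12-01T10:15:30.000000+0000",
    "event_type": "alert",
    "src_ip": "10.0.0.5", "src_port": 51234,
    "dest_ip": "203.0.113.7", "dest_port": 80, "proto": "TCP",
    "alert": {"signature_id": 1000001, "rev": 1,
              "signature": "CONSTRUCTED TEST rule for ECS mapping example",
              "category": "Potentially Bad Traffic", "severity": 2},
})


def eve_alert_to_ecs(line: str) -> dict:
    """Map one Suricata EVE 'alert' record onto ECS field names.

    Only event_type == "alert" is handled; other EVE record types
    (flow, dns, http, ...) raise ValueError so a caller can route them
    to their own mapping instead of silently producing a half-filled doc.
    """
    ev = json.loads(line)
    if ev.get("event_type") != "alert":
        raise ValueError(f"not an alert record: {ev.get('event_type')!r}")
    alert = ev["alert"]
    return {
        "@timestamp": ev["timestamp"],
        "event": {"kind": "alert", "category": ["intrusion_detection"],
                  "module": "suricata", "dataset": "suricata.alert",
                  "severity": alert.get("severity")},
        "source": {"ip": ev["src_ip"], "port": ev.get("src_port")},
        "destination": {"ip": ev["dest_ip"], "port": ev.get("dest_port")},
        "network": {"transport": ev.get("proto", "").lower()},
        "rule": {"id": str(alert["signature_id"]), "version": str(alert.get("rev", "")),
                 "name": alert["signature"], "category": alert.get("category")},
    }


def ecs_flatten(doc: dict, prefix: str = "") -> dict:
    """Flatten a nested ECS document into dotted keys (e.g. 'source.ip')."""
    out = {}
    for key, value in doc.items():
        dotted = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(ecs_flatten(value, dotted + "."))
        else:
            out[dotted] = value
    return out


if __name__ == "__main__":
    print(json.dumps(ecs_flatten(eve_alert_to_ecs(SAMPLE_EVE_LINE)), indent=2))
```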
