Once data starts flowing through the sniffing interfaces you are going to be presented with a lot of false positives. It’s essential to reduce the number of false positives because the identification of real indicators can become next to impossible and your hardware will thank you. When I fired up Read more…
The guidance in the article “Security Onion Set Up Part 1: Planning” no longer applies if you’re using the new Security Onion image because it uses Elastic Stack instead of ELSA. Elastic Stack might be a resource hog, but the workflow is superior compared to ELSA in the way you can visualize data in the dashboard and pick from pre-configured searches that touch on almost everything you would need to look at out-of-the-box. (more…)
Before we begin configuring Security Onion, it’s a good idea to get an Oinkcode from snort.org if you’re going to use Snort.
Snort can also use the Emerging Threat rulesets.
There are three options available to obtain an Oinkcode.
- Community Edition – the rules are updated every 30 days, no support – FREE
- Personal – the rules are released daily, can submit false positives, home network or educational environments only – $29.99 per year
- Business – the rules are updated daily, priority support for false positives and Talos (the parent company) will work directly with you, for use in businesses, colleges, government, etc. – $399 per sensor per year
Once you create an account and pay for a subscription or not, you can find the Oink code by clicking on the email address in the upper right-hand corner of the page then select Oinkcode. (more…)
This article is straightforward in that if you’ve installed an operating system before this won’t be an issue. The recommended installation medium is Rufus. Rufus creates a bootable thumb drive where you can place [.]img or [.]iso images. Thumb drives have a far higher data rate transfer than DVD’s making the installation quick. (more…)
If you read my article on Security Onion planning and the mention of Snort/Suricata, Bro, and ELSA left you with questions, or if you haven’t read my Security Onion (SO) planning article but are looking for explanations of the various detection and analysis tools then this is the article for you. This is a Security Onion primer, and not part of the installation and configuration series. (more…)