In this video, we're going to continue on with our concept of finding evil, knowing normal, and how to utilize Security Onion, which is a VM we set up during the setup portion of the course.

Within Security Onion, when you first log in, you're going to get taken to a place called the SOC dashboard, and we're going to show that in a second. Security Onion has a ton of tools packed into it, and the management of those tools for an analyst is going to be done from the SOC dashboard. There are some more detailed things you can do if you need to make configuration changes to applications and tools, or if you need to fine-tune specific rule sets, and those you'll actually do on the host by modifying files on the Security Onion virtual machine. But the SOC dashboard is going to be accessible to anybody who can access that web interface. If you're running this at home, you'll be able to access it from another machine, assuming the virtual machine has network access. Right now we have it set to host-only, so you'll only be able to access it on our host, but if you were to deploy it onto your network, it would be accessible from any device on your network.

As for some of the tools and the way they work here: as you go to your SOC dashboard, you'll see you have Grafana. Grafana is basically a tool with a lot of charts to help you see the health of the systems in your network. The Alerts page is where you'll get those IDS alerts, NIDS alerts, HIDS alerts, anything that you got an alert for, whether it's high traffic, low traffic, signature-based, anomaly-based, whatever it is, you'll see it in the Alerts page. Now, Alerts is going to be using either OSSEC or Suricata. They're both open-source HIDS and NIDS detection tools; it just depends on which version of Security Onion you're running. You might see that your alert source is OSSEC and someone else's is Suricata, and that difference is just a version. Basically they have a lot of the same features, so it shouldn't be too different.