Bootstrap your Network Security Monitoring with Security Onion

11,231 views

Attack Detect Defend

1 day ago

In this video we’ll be kickstarting a network security monitoring system with Security Onion, and exploring its out-of-the-box capabilities to detect malicious activity. We’ll be building on this foundation in future episodes; get subscribed so you don’t miss them!
References:
SecurityOnion Download: securityonionsolutions.com/so...
Timecodes:
0:00 Introduction
1:06 SecurityOnion Architecture
2:04 Sample Network
2:34 Sensor Capture Architecture
4:16 SecurityOnion Installation
4:56 Adversary Emulation
5:18 Exploring Suricata, Zeek & Strelka events
9:43 Wrap-up
Credits:
Intro/Outro Music: Render - Prism [Creati... (via Argofox)
Diagram icons designed by OpenMoji (openmoji.org/) CC BY-SA 4.0

Comments: 33
@rot169, 3 years ago
This is the first in a new series where I’ll be putting a greater focus on blue/defensive topics. Don’t worry, I’ll still be creating the ‘classic’ Attack Detect Defend style videos too! Please let me know in the comments what you think of this new style, and if you have good ideas for future topics!
@rogue3123, 5 months ago
Excellent video, great explanation
@GOTHAM21, 4 months ago
Yes, more detail on virtual monitoring, please.
@theburtmacklin9615, 3 years ago
I’m very much a fan of this direction you’re taking your channel. Maybe next we could see augmenting the SIEM with log forwarding / Sysmon?
@rot169, 3 years ago
Host logs, Sysmon, etc... Oh yes, that's very much where I'm heading with this :-) Thank you for your support!
@arsalananwar8265, 1 year ago
This will help a lot of folks! Great explanation, keep making more and more videos.
@slothking3756, 11 months ago
You earned my follow. Very decisive and informative. Thank you
@danieleperera6788, 3 years ago
Thanks a lot for the good-quality infosec videos!
@rot169, 3 years ago
My pleasure - I'm glad you like them!
@haize198, 3 years ago
Awesome, looking forward to this series.
@rot169, 3 years ago
That's great to hear - I hope I don't disappoint! 😂
@haize198, 3 years ago
@rot169 Trust me, your videos are sooo cool and helpful.
@SonNguyen-uf2wp, 2 years ago
Thanks a lot, now I'm a big fan of your channel.
@aktharhussain1606, 2 years ago
Excellent, looking for more step-by-step videos.
@wendy_113, 9 months ago
I appreciate your help so much.
@sumanthdodda8304, 3 years ago
I love your content very much!! Thanks Andy. Love from India ;p
@rot169, 3 years ago
Thank you for the kind words and support!! :-)
@anthonymansour3059, 2 years ago
Awesome content! Maybe when you are done with this series, you can make a short video on security automation using SOAR technology and how such incidents and alerts are handled automatically...
@rot169, 2 years ago
That sounds like a great idea! It'll probably be a while before I get to it, but it'll fit in perfectly to this 'blue'-focussed series - thanks for the suggestion! :-)
@YoussefMrabetYMF68, 2 years ago
Hi Andy, really awesome content!!! Is it possible to implement Security Onion in VMware Fusion with minimum specs? I need help with this. Thank you for your awesome channel content!!!!
@DayNja1423, 1 year ago
When will you be making more videos like this?
@INSAN3JAK3, 2 years ago
Hello! Thanks a lot mate for your very informative tutorial 🙏 very helpful! I wanted to ask if I can use a screenshot of your SecurityOnion Architecture Overview at 1:12 for my Bachelor thesis, of course referencing/acknowledging accordingly? (You can also let me know how I shall acknowledge/reference you.) And regarding ideas for additional content, could you maybe do an Architecture Overview for the host-based tools as well, as you did for the network-based tools? Would be super great and helpful! Greetings! PS: subbed of course 🙏
@rot169, 2 years ago
Thanks for checking! :-) Yes, feel free to use that screengrab with a reference to the video URL and "Attack Detect Defend". And thanks for the idea around host-based tools... I'll add it to my 'TODO' list! :-) Good luck with the thesis - sounds like an awesome project!
@INSAN3JAK3, 2 years ago
@rot169 Thanks a lot man! Yeah, so in my thesis I am setting up a virtual Windows test environment, including a standalone SecurityOnion node, and running Red Canary Atomic Tests against one Windows machine and checking, for each test, what SecurityOnion detects. Greetings!
@opeyemibalogun6486, 2 years ago
Very informative! Can you please tell me how to enable SO to capture live traffic? I have it configured on a standalone VM with 2 LAN interfaces added; the only time I was able to get traffic was when I used the command "sudo so-test". Can I capture live traffic? If yes, kindly help.
@rot169, 2 years ago
SecOnion should just do this automatically, based on the network interfaces you configured for monitoring during the setup process. You can also run 'so-monitor-add' to add a network interface to be monitored at a later date. I hope this helps!
@opeyemibalogun6486, 2 years ago
@rot169 Hi, do I need to run any command to enable the sniffing interface to be active?
@rot169, 2 years ago
No; if you configured your monitor interfaces as part of the install, or you use 'so-monitor-add' later, then SecOnion should just do everything else. Can you see traffic if you run 'tcpdump' on your monitor interface? If not, maybe your issue is with the VM network config? What hypervisor are you using, and what mode are the interfaces in?
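The exchange above ends with the right diagnostic: before blaming Security Onion, confirm with tcpdump that the monitor interface actually receives frames. The following POSIX shell script is an added example, not from the video and not part of Security Onion's own tooling (so-monitor-add and so-test are the real commands; this script does not wrap them). It assumes a Linux sensor with iproute2 (`ip`), tcpdump and coreutils `timeout` installed, and takes the monitor interface name (eth1 is a placeholder) as its first argument. It checks the three things that usually explain "no events": the link is not UP, the interface is not in promiscuous mode (the PROMISC flag is held while Suricata/Zeek or tcpdump have the interface open, so run this while the sensor is up), or the NIC carries an IP address because the management and monitor interfaces were swapped during setup. It then listens for a few seconds and reports how many packets arrived.

```shell
#!/bin/sh
# Added example (not from the video or from Security Onion): sanity checks
# for a sensor "monitor" interface on a Linux sensor.
# Assumes: iproute2 (`ip`), tcpdump and coreutils `timeout` are installed, and
# the interface name (placeholder: eth1) is passed as the first argument.

# Return 0 only if one line of `ip -o link show dev IFACE` output carries both
# the UP and PROMISC flags. PROMISC is what makes the NIC hand over frames not
# addressed to it; the flag is set while a capture process holds the interface.
link_flags_ok() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^[0-9]*: [^:]*: <\([^>]*\)>.*/\1/p')
    case ",$flags," in
        *,UP,*) ;;            # ",UP," deliberately does not match ",LOWER_UP,"
        *) return 1 ;;
    esac
    case ",$flags," in
        *,PROMISC,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if `ip -o -4 addr show dev IFACE` printed nothing: a sniffing
# interface should carry no IPv4 address (management traffic uses another NIC).
no_ipv4_addr() {
    [ -z "$1" ]
}

# Extract the "N packets captured" count that tcpdump prints on exit
# (it prints it on SIGTERM from `timeout` as well as when -c is reached).
captured_count() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\) packets captured.*/\1/p'
}

# Live check against a real interface (needs root for tcpdump).
check_monitor_iface() {
    iface="$1"
    link=$(ip -o link show dev "$iface") || { echo "no such interface: $iface"; return 1; }
    if link_flags_ok "$link"; then
        echo "link flags: ok (UP, PROMISC)"
    else
        echo "link flags: NOT ok, got: $link"
    fi
    if no_ipv4_addr "$(ip -o -4 addr show dev "$iface")"; then
        echo "ipv4: none (expected for a sensor interface)"
    else
        echo "ipv4: address present (unexpected; is this really the monitor interface?)"
    fi
    # Listen for up to 10 s or 20 packets. Zero packets with correct flags almost
    # always means the hypervisor is not forwarding other hosts' traffic to the VM
    # (promiscuous mode denied on the vSwitch/bridge, or no SPAN/TAP feeding it).
    out=$(timeout 10 tcpdump -nn -i "$iface" -c 20 -w /dev/null 2>&1)
    n=$(captured_count "$out")
    echo "packets seen in 10 s: ${n:-0}"
}

if [ $# -gt 0 ]; then
    check_monitor_iface "$1"
fi
```

Run it as root while the sensor services are running, e.g. `sudo sh check-monitor.sh eth1`. If the flags and addressing look right but the packet count is zero, the problem is outside the guest: on VirtualBox the adapter's "Promiscuous Mode" must be "Allow All", and on VMware the vSwitch or port group security policy must accept promiscuous mode; so-monitor-add only tells Security Onion which interface to watch, it cannot make the hypervisor deliver frames the VM would otherwise never see.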
Related videos:
Collecting & analysing Windows event logs with Winlogbeat & ELK (9:49), Attack Detect Defend, 11K views
Ingesting PFSense Logs with Security Onion 2.4 (13:14), Security Onion, 3.2K views
Level-up your host-based monitoring with Sysmon (12:06), Attack Detect Defend, 6K views
The Homelab Show Episode 42: Security Onion (44:55), Lawrence Systems, 14K views
State of the Onion 2023 (37:36), Security Onion, 1.2K views
Installing Security Onion (20:11), Cyber Warrior Studios, 30K views
Build your Detection Lab with Security Onion (21:44), Hack eXPlorer, 30K views
Installing Security Onion on Proxmox (25:57), Jason Slagle, 7K views
Quick Data Exfiltration Exercise with Security Onion - 2021-07-14 (17:06)