This is the first in a new series where I’ll be putting a greater focus on blue/defensive topics. Don’t worry, I’ll still be creating the ‘classic’ Attack Detect Defend style videos too! Please let me know in the comments what you think of this new style, and if you have good ideas for future topics!
@rogue3123 a year ago
Excellent video, great explanation
@arsalananwar8265 2 years ago
This will help a lot of folks! Great explanation, keep making more and more videos.
@theburtmacklin9615 3 years ago
I’m very much a fan of this direction you’re taking your channel. Maybe next we could see augmenting the SIEM with log forwarding / Sysmon?
@rot169 3 years ago
Host logs, sysmon, etc... Oh yes, that's very much where I'm heading with this :-) Thank you for your support!
@GOTHAM21 10 months ago
Yes, more detail on virtual monitoring, please.
@danieleperera6788 3 years ago
Thanks a lot for the good-quality Infosec videos!
@rot169 3 years ago
My pleasure - I'm glad you like them!
@slothking3756 a year ago
You earned my follow. Very decisive and informative. Thank you
@haize198 3 years ago
Awesome, looking forward to this series.
@rot169 3 years ago
That's great to hear - I hope I don't disappoint! 😂
@haize198 3 years ago
@rot169 Trust me, your videos are sooo cool and helpful.
@sumanthdodda8304 3 years ago
I love your content very much!! Thanks, Andy. Love from India ;p
@rot169 3 years ago
Thank you for the kind words and support!! :-)
@SonNguyen-uf2wp 3 years ago
Thanks a lot, now I'm a big fan of your channel.
@aktharhussain1606 3 years ago
Excellent, looking for more step-by-step videos.
@wendy_113 a year ago
I appreciate your help so much.
@Tech-h4t 2 months ago
Hi sir, I am facing trouble because my monitoring interface in Security Onion isn't detecting any traffic when I do tcpdump -i enp0s8, but my management interface is working fine. I am able to log in to the web interface of Security Onion but can't see any alert.
@anthonymansour3059 3 years ago
Awesome content! Maybe when you are done with this series, you can make a short video on security automation using SOAR technology and how such incidents and alerts are handled automatically...
@rot169 3 years ago
That sounds like a great idea! It'll probably be a while before I get to it, but it'll fit in perfectly to this 'blue'-focussed series - thanks for the suggestion! :-)
@DayNja1423 a year ago
When will you be making more videos like this?
@INSAN3JAK3 3 years ago
Hello! Thanks a lot mate for your very informative tutorial 🙏 very helpful! I wanted to ask if I can use a screenshot of your SecurityOnion Architecture Overview at 1:12 for my Bachelor thesis, of course referencing/acknowledging accordingly? (You can also let me know how I shall acknowledge/reference you.) And regarding ideas for additional content, could you maybe do an Architecture Overview for the host-based tools as well, as you did for the network-based tools? Would be super great and helpful! Greetings! PS: subbed of course 🙏
@rot169 2 years ago
Thanks for checking! :-) Yes, feel free to use that screengrab with a reference to the video URL and "Attack Detect Defend". And thanks for the idea around host-based tools... I'll add it to my 'TODO' list! :-) Good luck with the thesis - sounds like an awesome project!
@INSAN3JAK3 2 years ago
@rot169 Thanks a lot man! Yeah, so in my thesis I am setting up a virtual Windows test environment, including a standalone SecurityOnion node, and running Red Canary Atomic Tests against one Windows machine and checking, for each test, what SecurityOnion detects. Greetings!
@opeyemibalogun6486 3 years ago
Very informative! Can you please tell me how to enable SO to capture live traffic? I have it configured on a standalone VM with 2 LAN interfaces added; the only time I was able to get traffic was when I used the command "sudo so-test". Can I capture live traffic? If yes, kindly help.
@rot169 3 years ago
SecOnion should just do this automatically, based on the network interfaces you configured for monitoring during the setup process. You can also run 'so-monitor-add' to add a network interface to be monitored at a later date. I hope this helps!
@opeyemibalogun6486 3 years ago
@rot169 Hi, do I need to run any command to enable the sniffing interface to be active?
@rot169 3 years ago
No; if you configured your monitor interfaces as part of the install, or you use 'so-monitor-add' later, then SecOnion should just do everything else. Can you see traffic if you run 'tcpdump' on your monitor interface? If not, maybe your issue is with the VM network config? What hypervisor are you using, and what mode are the interfaces in?
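The "monitor interface shows nothing in tcpdump" problem raised twice in this thread (the enp0s8 question above and the so-test question in this sub-thread) comes down to a few checks on the sniffing NIC: is the link up, is anything arriving at all, and is the interface in promiscuous mode. The script below is an added example written for this thread; it is not from the video and not part of Security Onion's own tooling. It reads the kernel's per-interface state and counters from sysfs, so it needs neither root nor tcpdump. The interface name enp0s8 comes from the thread; the 5-second sampling window and the wording of the next-step hints are assumptions.

```shell
#!/bin/sh
# Added example, not from the video or from Security Onion's own tooling: a quick
# check of whether a sniffing interface is actually receiving packets, for the
# "tcpdump shows nothing on the monitor interface" situation in the thread above.
# It reads the kernel's per-interface state and counters from sysfs, so it needs
# no root and no tcpdump. The interface name enp0s8 is taken from the thread;
# the 5-second sampling window is an assumption.

# Decode the IFF_PROMISC bit (0x100) from /sys/class/net/<if>/flags, a hex value
# such as 0x1103. Prints 1 if promiscuous mode is set, else 0.
promisc_from_flags() {
  printf '%s\n' "$(( ($1 & 0x100) != 0 ))"
}

# Pure classification, kept separate so it can be exercised with constructed values:
#   $1 operstate ("up", "down", "unknown", ...), $2 promisc flag (0/1),
#   $3 rx_packets at the start of the window, $4 rx_packets at the end.
classify_monitor_iface() {
  state="$1"; promisc="$2"; before="$3"; after="$4"
  delta=$((after - before))
  if [ "$state" = "down" ]; then
    echo "link-down"           # NIC is down: nothing can be sniffed
  elif [ "$delta" -le 0 ]; then
    echo "no-traffic"          # link is up but nothing arrives: usually the hypervisor side
  elif [ "$promisc" != "1" ]; then
    echo "traffic-not-promisc" # packets arrive, but only those addressed to this NIC
  else
    echo "ok"
  fi
}

# Human-readable next step for each verdict; the so-monitor-add hint is the one
# the thread itself gives, the hypervisor hint is general VM networking advice.
explain_verdict() {
  case "$1" in
    link-down)           echo "bring the interface up and check the VM adapter is connected" ;;
    no-traffic)          echo "check the hypervisor adapter mode (promiscuous / port mirroring) and that the interface was configured for monitoring at install or added with so-monitor-add" ;;
    traffic-not-promisc) echo "interface only sees its own traffic; confirm it is a monitor interface (so-monitor-add), not the management one" ;;
    ok)                  echo "interface is sniffing; if the web UI still shows no alerts, the problem is further up the pipeline" ;;
    *)                   echo "unknown verdict" ;;
  esac
}

# Live check against sysfs. Usage: check_monitor_iface enp0s8 5
check_monitor_iface() {
  iface="${1:-enp0s8}"; window="${2:-5}"
  sysdir="/sys/class/net/$iface"
  if [ ! -d "$sysdir" ]; then
    echo "$iface: no such interface"
    return 1
  fi
  state=$(cat "$sysdir/operstate")
  promisc=$(promisc_from_flags "$(cat "$sysdir/flags")")
  before=$(cat "$sysdir/statistics/rx_packets")
  sleep "$window"
  after=$(cat "$sysdir/statistics/rx_packets")
  verdict=$(classify_monitor_iface "$state" "$promisc" "$before" "$after")
  echo "$iface: operstate=$state promisc=$promisc rx_packets_delta=$((after - before)) over ${window}s -> $verdict"
  echo "  next step: $(explain_verdict "$verdict")"
  [ "$verdict" = "ok" ]
}

# Only run the live check when an interface is given on the command line,
# e.g.  sh check_monitor.sh enp0s8 5
if [ "$#" -gt 0 ]; then
  check_monitor_iface "$@"
fi
```

Run it on the Security Onion box as `sh check_monitor.sh enp0s8 5`. A "no-traffic" verdict with the link up points at the VM network configuration rather than at Security Onion, which is exactly the question asked in the reply above (hypervisor and adapter mode); "traffic-not-promisc" usually means the interface receiving packets is the management NIC, not the one set up for monitoring.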
@YoussefMrabetYMF68 2 years ago
Hi Andy, really awesome content!!! Is it possible to implement Security Onion in VMware Fusion with min. specs? I need help with this... Thank you for your awesome channel content!!!!