Glad to be a help, Thankyou 👍

Was about to say the exact same thing :P

Thankyou for the feed back, also try thr latest version of security onion 2.3, but it requires a lot of hardware.16 is good for a low power device

Thanks Henry, glad it helped you..

HI Mandz, Glad you like them :D

Thankyou for the feedback Mong

I am glad it helped yoi nitin, this was my goal. And yes, i want to make more interesting amd informational videos like this in the future . Need the support of yoo guys 👍👍. Thanks

Thankyou Siam 👍

Thank you for the feedback Javed

Thankyou for the feedback 👍

It's always a pleasure 👍

As soon as possible OAI ,thank you

SO Will automatically do it for you, in a physical setup you need to send the network data to the sniffing interface via a span port or port mirroring www.blackhillsinfosec.com/webcast-how-to-build-a-home-lab/ Hope the above helps

Yes we can, the path is to use ELK SIEM, you might need to create you own use cases, since this is new konghq.com/blog/10-ways-microservices-create-new-security-challenges/

Do you see the traffic flow coming I to the SO VM? you can use tcp dump. I hope all your VMs are in one network( as I did here all are in the( local host mode)

Hi Aliasgar, first check if you can pin the VM with each other. Second you should have promiscuous mode enable on the sniffing interface in the SO host

Hi Isha, the main problem is your ram, you need to allocate at least 8 gb of RAM for the VM.

@@HackeXPlorer I tried but it did not work. Now even, so-curator and so-elastalert shows FAIL status.

Hi Isha, your HW requirements matches the minimum. usually elastic related issues occurs when low HW configurations. Even when I run at 8GB and 4 cores logstash takes some time to load (approx 10min). As a last resort can you increase the number of core's from 2 to 4. Let me know your progress.

Hack eXPlorer Hey, I tried reinstalling and setup from the scratch keeping my ram for vm as 4gb and 2 processors. It’s actually working completely fine now and all the services are up. I wonder what could’ve been the issue before. Thanks a lot for all your help.

Wow, nice to hear that, stay tuned for more experiments from this setup 👍

Hi Rahman , This video was intended for small home test lab setup, but you can do all you require above from SO. in security onion production mode you can install a security onion instance as a sensor only mode, which will will send information to the central security onion management server. you can place the sensors on server cluster ,DMZ or another install . securityonion.readthedocs.io/en/latest/post-installation.html Security onion is running ELASA which can phrase SNMP blog.securityonion.net/2019/12/security-onion-160463-now-available.html For net-flow www.reddit.com/r/securityonion/comments/an2tu4/netflow_ipflow_ipfix_support/

Hop you got your answer

Sure why not, I have planned some scenarios. What type of attacks are you interested in?

Sir, if possible i would like to watch demonstration on ip spoofing, dhcp snopping etc. Also detection and prevention mechanisms. Sir, do you have any social media account?

you can find me in FB, Twitter as HackExplorer

It's weird I surely followed everything in the website and the network adpater setup here in your video but my host could't still pull up the SO web from the SO VM. Thanks in advance.

@@dummyaccount8483 interesting can you access the webpage within the SO vm?

@@HackeXPlorer Got it working now man. I changed NAT to bridge. thanks!

Do you see the traffic flow coming I to the SO VM? you can use tcp dump. I hope all your VMs are in one network( as I did here all are in the( local host mode)

Sure

Hi Lorenz, for security onion 2.0 you need 100GB at a minimum. here I have used SO16 for demo purpose.

I've learned the hard way....obey all of the resource requirements of Security Onion! It might seem like it installs fine but certain things won't work and you'll waste too much time troubleshooting. You might benefit from buying an old server to dedicate to SO.