Security Onion Essentials 2.3 - Detection Engineering
Рет қаралды 20,500
Күн бұрынIn this session, we cover the third and final common workflow in Security Onion - Detection Engineering.
Security Onion Essentials - Playlist: • Security Onion Essenti...
If you have questions or problems, please feel free to create a discussion at securityonion....
@SkreenGG 2 жыл бұрын
Great video. The playbook tool is very powerful and allows for unlimited customization. Thanks for this video!
@security-onion 2 жыл бұрын
Thanks, glad you like it!
@PaulBenedict22 2 жыл бұрын
This was an awesome way to understand detection engineering. I’m going to use and implement those 4 steps myself
@security-onion 2 жыл бұрын
Thanks, glad you like it!
@absemperor7095 3 жыл бұрын
very good
@security-onion 3 жыл бұрын
Thanks!
@faizankhd 3 жыл бұрын
Do you cover ELk kibana siem to detect different network attacks, lateral movement, ransomware attack, phishing attack , incident response ,etc
@security-onion 3 жыл бұрын
Not sure what you're asking. Security Onion includes the Elastic stack and Kibana. You can use Kibana or our own web interfaces (Alerts and Hunt) to detect these kinds of attacks. If you have further questions or problems, please start a new discussion at securityonion.net/discuss. Thanks!
@UnwanaEssien Жыл бұрын
Can I write this for data source of netflow ? Being that netflow is not processed by suricata etc
@security-onion Жыл бұрын
If you have questions or problems, please start a new discussion at securityonion.net/discuss
@lonewaffle 3 жыл бұрын
I notice that they are all set to draft by default. Would it be a bad idea to turn most of them on? How big of an impact would that have on the server?
@security-onion 3 жыл бұрын
From docs.securityonion.net/en/2.3/playbook.html#putting-a-play-into-production: "Performance testing is still ongoing. We recommend avoiding the Malicious Nishang PowerShell Commandlets play as it can cause serious performance problems. You may also want to avoid others with a status of experimental." If you have further questions or problems, please start a new discussion at securityonion.net/discuss Thanks!
I.T Security Labs
Рет қаралды 35 М.
SANS Institute
Рет қаралды 2,7 М.
Security Onion
Рет қаралды 15 М.