#SecurityOnion 2.3.70 now available!
blog.securityonion.net/2021/08/securi…
#PeelBackTheLayers
#MakeYourAdversariesCry
#ThreatHunting
#NetworkSecurityMonitoring
#EnterpriseSecurityMonitoring
#LogManagement
#infosec
#DFIR
blog.securityonion.net/2021/08/securi…
#PeelBackTheLayers
#MakeYourAdversariesCry
#ThreatHunting
#NetworkSecurityMonitoring
#EnterpriseSecurityMonitoring
#LogManagement
#infosec
#DFIR
If you want the quickest and easiest way to try out #SecurityOnion, just follow the screenshots below to install an Import node and then optionally enable the Analyst Workstation. This can be done in a minimal VM with only 4GB RAM!
Start Setup and choose Import node:
Configure networking:
Finalize networking:
Create username and password:
Configure IP/hostname/other access and NTP:
Configure firewall, confirm all options, and complete Setup:
After rebooting and logging in, you can optionally run so-analyst-install to install full analyst desktop environment:
The analyst desktop environment includes:
#Chromium
#NetworkMiner
#wireshark
and many other analysis tools!
#Chromium
#NetworkMiner
#wireshark
and many other analysis tools!
Log into Security Onion Console (SOC):
Run so-import-pcap to import one or more pcap files:
Use the hyperlink provided by so-import-pcap to view all alerts and logs generated by your imported pcap file(s):
Find an interesting stream and pivot to full packet capture:
View the full packet capture as an ASCII transcript:
Download the pcap for the stream and open it directly in #NetworkMiner or other pcap tools for additional analysis and file extraction:
All this in a minimal VM with only 4GB RAM!
• • •
Missing some Tweet in this thread? You can try to
force a refresh
