Security analysis with Security Onion

Collector

Conclusions

Security Onion gives you a comprehensive environment for monitoring and analyzing your IT infrastructure without too much overhead. For small IT departments, in particular, this can be a good introduction to professional IT security. That said, Security Onion only gives you the framework for monitoring and analysis and is not a standalone solution. Assessing the criticality of incidents and alerts, fine-tuning the monitoring tools, and case-by-case searches for IoCs are all tasks that a member of the workforce will need to handle. For a useful deployment, you need to have sufficient human resources to actually operate with the tools that Security Onion provides.

Infos

Security Onion: https://securityonionsolutions.com
Sigma format: https://github.com/SigmaHQ/sigma
CyberChef: https://gchq.github.io/CyberChef/
Download: https://securityonionsolutions.com/software

The Author

Dr. Matthias Wübbeling is an IT security enthusiast, scientist, author, consultant, and speaker. As a Lecturer at the University of Bonn in Germany and Researcher at Fraunhofer FKIE, he works on projects in network security, IT security awareness, and protection against account takeover and identity theft. He is the CEO of the university spin-off Identeco, which keeps a leaked identity database to protect employee and customer accounts against identity fraud. As a practitioner, he supports the German Informatics Society (GI), administrating computer systems and service back ends. He has published more than 100 articles on IT security and administration.

« Previous 1 2 3