Security analysis with Security Onion

Collector

Conclusions

Security Onion gives you a comprehensive environment for monitoring and analyzing your IT infrastructure without too much overhead. For small IT departments, in particular, this can be a good introduction to professional IT security. That said, Security Onion only gives you the framework for monitoring and analysis and is not a standalone solution. Assessing the criticality of incidents and alerts, fine-tuning the monitoring tools, and case-by-case searches for indicators of compromise (IoCs) are all tasks that a member of the workforce will need to handle. For a useful deployment, you need sufficient human resources to actually operate the tools that Security Onion provides.

The Author

Dr. Matthias Wübbeling is an IT security enthusiast, scientist, author, consultant, and speaker. As a Lecturer at the University of Bonn in Germany and Researcher at Fraunhofer FKIE, he works on projects in network security, IT security awareness, and protection against account takeover and identity theft. He is the CEO of the university spin-off Identeco, which keeps a leaked identity database to protect employee and customer accounts against identity fraud. As a practitioner, he supports the German Informatics Society (GI), administrating computer systems and service back ends. He has published more than 100 articles on IT security and administration.
