SlideShare uma empresa Scribd logo

Security Onion - Introduction

n|u - The Open Security Community
n|u - The Open Security Community

null Bangalore January meet

Tecnologia
1 de 18
Baixar para ler offline
n|u / OWASP / G4H / SecurityXploded meet Nishanth Kumar n|u bangalore chapter member 18 Jan 2014
What is Security Onion?  Security Onion is a Linux distro for  Intrusion detection,  Network security monitoring, and  log management 18 Jan 2014
Onion Layers • Ubuntu based OS • Snort , Suricata • Snorby • Bro • Sguil • Squert • ELSA • NetworkMiner • PADS ( Passive Attack Detection System ) • ………Many other tools . 18 Jan 2014
Now lets peel the onion layers & see what exactly each layer has …. 18 Jan 2014
Snort / Suricata  Snort is an open source network intrusion detection and prevention system (IDS/IPS)  Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine . 18 Jan 2014
Why to use only those IDS Engines  Highly Scalable  Protocol Identification  File Identification,  MD5 Checksums  File Extraction 18 Jan 2014
Snorby  Ruby on Rails Application for Network Security Monitoring ( Web frontend )  Metrics & Reports  Classifications  Full Packet  Custom Settings  Hotkeys 18 Jan 2014
Bro  Bro is a powerful network analysis framework that is much different from the typical IDS you may know.  high-level semantic analysis at the application layer.  site-specific monitoring policies.  comprehensively logs what it sees and provides a high-level archive of a network's activity. 18 Jan 2014
Features of BRO  All HTTP sessions with their requested URIs  key headers  MIME types, and server responses  DNS requests with replies  SSL certificates  key content of SMTP sessions  ………….and much more. 18 Jan 2014
Sguil  It is an analyst console for Security Monitoring  It’s a powerful and capable solution for  Event Analysis  Coreleation and  review Even ….  real-time events  session data  raw packet captures. 18 Jan 2014
Squert  A web interface to query and view Sguil event data and designed to supplement Sguil by providing addition context around the events .  Squert is a visual tool  additional context to events ……  metadata,  time series representations  weighted and logically grouped result sets 18 Jan 2014
18 Jan 2014
Enterprise-Log-Search-andArchive  Centralized syslog framework built on  Syslog-NG  MySQL  Sphinx full-text search. Allows for event searching and visualization of all the Log data security onion consumes , including    OSSEC Snort / Suricata BRO IDS Distributed log Archive System 18 Jan 2014
Features of ELSA • High-volume receiving/indexing • Full Active Directory/LDAP integration for • • • • authentication, authorization, email settings Dashboards using Google Visualizations Email alerting, scheduled reports. Plugin architecture for web interface Distributed architecture for clusters 18 Jan 2014
Network miner  Network Forensic Analysis Tool  passive network sniffer/packet capturing tool  operating systems  Sessions  Hostnames  open ports etc 18 Jan 2014
Sec Onion Support ……….  Alert data - HIDS alerts from OSSEC and NIDS      alerts from Snort/Suricata Asset data from Pads and Bro Full content data from netsniff-ng Host data via OSSEC and syslog-ng Session data from Argus, Pads, and Bro Transaction data - http/ftp/dns/ssl/other logs from Bro 18 Jan 2014
Refrences  http://blog.securityonion.net/  http://www.bro.org  http://www.snort.org/  http://www.google.com 18 Jan 2014
Its time for DEMO 18 Jan 2014

Recomendados

Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 
Security Onion
Security OnionSecurity Onion
Security Onionn|u - The Open Security Community
 
security onion
security onionsecurity onion
security onionBoni Yeamin
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 

Recomendados

Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTAshley Deuble
 
Security Onion
Security OnionSecurity Onion
Security Onionn|u - The Open Security Community
 
security onion
security onionsecurity onion
security onionBoni Yeamin
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
 
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeWeb uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzChristopher Gerritz
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBGA Cyber Security
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Splunk
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS BasicsMahendra Pratap Singh
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wiresharkn|u - The Open Security Community
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 eventsMichael Gough
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with SplunkSplunk
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
Kịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort idsKịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort idsLinh Hoang
 

Mais conteúdo relacionado

Mais procurados

Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzChristopher Gerritz
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBGA Cyber Security
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Splunk
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 eventsMichael Gough
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with SplunkSplunk
 

Mais procurados (20)

Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty things
 
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirmeWeb uygulama açıklıklarından faydalanarak sistem ele geçirme
Web uygulama açıklıklarından faydalanarak sistem ele geçirme
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
NMAP
NMAPNMAP
NMAP
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
 

Destaque

2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
Kịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort idsKịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort idsLinh Hoang
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016DefensiveDepth
 
Security Onion Conference - 2015
Security Onion Conference - 2015Security Onion Conference - 2015
Security Onion Conference - 2015DefensiveDepth
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-expressNguyen Thanh
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 
3 cucm database
3 cucm database3 cucm database
3 cucm databasepasabakac
 
Báo cáo Luận Văn Tốt Nghiệp
Báo cáo Luận Văn Tốt NghiệpBáo cáo Luận Văn Tốt Nghiệp
Báo cáo Luận Văn Tốt NghiệpHoHoangKha
 
Cisco Call Manager on CISCO IOS
Cisco Call Manager on CISCO IOSCisco Call Manager on CISCO IOS
Cisco Call Manager on CISCO IOSHermann GBILIMAKO
 
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk
 
Aws security with HIDS, OSSEC
Aws security with HIDS, OSSECAws security with HIDS, OSSEC
Aws security with HIDS, OSSECMayank Gaikwad
 
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSamTiki.vn
 
SOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation LabyrinthSOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinthchrissanders88
 
He thong phat hien xam nhap IDS
He thong phat hien xam nhap IDSHe thong phat hien xam nhap IDS
He thong phat hien xam nhap IDSBui Loc
 
Hướng dẫn xây dựng mô hình mạng với vmware
Hướng dẫn xây dựng mô hình mạng với vmwareHướng dẫn xây dựng mô hình mạng với vmware
Hướng dẫn xây dựng mô hình mạng với vmwarelaonap166
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 

Destaque (20)

2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion Conference
 
Kịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort idsKịch bản demo phát hiện xâm nhập sử dụng snort ids
Kịch bản demo phát hiện xâm nhập sử dụng snort ids
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016
 
Security Onion Conference - 2015
Security Onion Conference - 2015Security Onion Conference - 2015
Security Onion Conference - 2015
 
Security Onion Advance
Security Onion AdvanceSecurity Onion Advance
Security Onion Advance
 
Thc hydra
Thc hydraThc hydra
Thc hydra
 
10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express10 step-to-configure-cisco-call-manager-express
10 step-to-configure-cisco-call-manager-express
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutes
 
Dacs snort
Dacs snortDacs snort
Dacs snort
 
3 cucm database
3 cucm database3 cucm database
3 cucm database
 
Báo cáo Luận Văn Tốt Nghiệp
Báo cáo Luận Văn Tốt NghiệpBáo cáo Luận Văn Tốt Nghiệp
Báo cáo Luận Văn Tốt Nghiệp
 
Cisco Call Manager on CISCO IOS
Cisco Call Manager on CISCO IOSCisco Call Manager on CISCO IOS
Cisco Call Manager on CISCO IOS
 
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1
 
Aws security with HIDS, OSSEC
Aws security with HIDS, OSSECAws security with HIDS, OSSEC
Aws security with HIDS, OSSEC
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
 
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam
[Khóa luận tốt nghiệp] - Tìm hiểu và triển khai Snort/SnortSam
 
SOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation LabyrinthSOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinth
 
He thong phat hien xam nhap IDS
He thong phat hien xam nhap IDSHe thong phat hien xam nhap IDS
He thong phat hien xam nhap IDS
 
Hướng dẫn xây dựng mô hình mạng với vmware
Hướng dẫn xây dựng mô hình mạng với vmwareHướng dẫn xây dựng mô hình mạng với vmware
Hướng dẫn xây dựng mô hình mạng với vmware
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 

Semelhante a Security Onion - Introduction

Linux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxLinux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxBrenoMeister
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Eagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesEagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesManjunath M Gowda
 
Eagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesEagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesManjunath M Gowda
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysGeorg Knon
 
Enterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior AnalyticsEnterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior AnalyticsSplunk
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014Piyush Kumar
 
Capacity Planning Free Solution
Capacity Planning Free SolutionCapacity Planning Free Solution
Capacity Planning Free Solutionluanrjesus
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)Martin Schütte
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunk
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsSolarWinds
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsMichele Chubirka
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeMichele Chubirka
 

Semelhante a Security Onion - Introduction (20)

Flow Monitoring Tools, What do we have, What do we need?
Flow Monitoring Tools, What do we have, What do we need?Flow Monitoring Tools, What do we have, What do we need?
Flow Monitoring Tools, What do we have, What do we need?
 
Linux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxLinux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsx
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Eagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesEagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slides
 
Eagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slidesEagle eye presentation ver 2.0 slides
Eagle eye presentation ver 2.0 slides
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
 
Enterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior AnalyticsEnterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior Analytics
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
An introduction to the prpl foundation
An introduction to the prpl foundationAn introduction to the prpl foundation
An introduction to the prpl foundation
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
 
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
 
Capacity Planning Free Solution
Capacity Planning Free SolutionCapacity Planning Free Solution
Capacity Planning Free Solution
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security Tools
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security Tools
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New Hope
 

Mais de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Último (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Security Onion - Introduction

  • 1. n|u / OWASP / G4H / SecurityXploded meet Nishanth Kumar n|u bangalore chapter member 18 Jan 2014
  • 2. What is Security Onion?  Security Onion is a Linux distro for  Intrusion detection,  Network security monitoring, and  log management 18 Jan 2014
  • 3. Onion Layers • Ubuntu based OS • Snort , Suricata • Snorby • Bro • Sguil • Squert • ELSA • NetworkMiner • PADS ( Passive Attack Detection System ) • ………Many other tools . 18 Jan 2014
  • 4. Now lets peel the onion layers & see what exactly each layer has …. 18 Jan 2014
  • 5. Snort / Suricata  Snort is an open source network intrusion detection and prevention system (IDS/IPS)  Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine . 18 Jan 2014
  • 6. Why to use only those IDS Engines  Highly Scalable  Protocol Identification  File Identification,  MD5 Checksums  File Extraction 18 Jan 2014
  • 7. Snorby  Ruby on Rails Application for Network Security Monitoring ( Web frontend )  Metrics & Reports  Classifications  Full Packet  Custom Settings  Hotkeys 18 Jan 2014
  • 8. Bro  Bro is a powerful network analysis framework that is much different from the typical IDS you may know.  high-level semantic analysis at the application layer.  site-specific monitoring policies.  comprehensively logs what it sees and provides a high-level archive of a network's activity. 18 Jan 2014
  • 9. Features of BRO  All HTTP sessions with their requested URIs  key headers  MIME types, and server responses  DNS requests with replies  SSL certificates  key content of SMTP sessions  ………….and much more. 18 Jan 2014
  • 10. Sguil  It is an analyst console for Security Monitoring  It’s a powerful and capable solution for  Event Analysis  Coreleation and  review Even ….  real-time events  session data  raw packet captures. 18 Jan 2014
  • 11. Squert  A web interface to query and view Sguil event data and designed to supplement Sguil by providing addition context around the events .  Squert is a visual tool  additional context to events ……  metadata,  time series representations  weighted and logically grouped result sets 18 Jan 2014
  • 13. Enterprise-Log-Search-andArchive  Centralized syslog framework built on  Syslog-NG  MySQL  Sphinx full-text search. Allows for event searching and visualization of all the Log data security onion consumes , including    OSSEC Snort / Suricata BRO IDS Distributed log Archive System 18 Jan 2014
  • 14. Features of ELSA • High-volume receiving/indexing • Full Active Directory/LDAP integration for • • • • authentication, authorization, email settings Dashboards using Google Visualizations Email alerting, scheduled reports. Plugin architecture for web interface Distributed architecture for clusters 18 Jan 2014
  • 15. Network miner  Network Forensic Analysis Tool  passive network sniffer/packet capturing tool  operating systems  Sessions  Hostnames  open ports etc 18 Jan 2014
  • 16. Sec Onion Support ……….  Alert data - HIDS alerts from OSSEC and NIDS      alerts from Snort/Suricata Asset data from Pads and Bro Full content data from netsniff-ng Host data via OSSEC and syslog-ng Session data from Argus, Pads, and Bro Transaction data - http/ftp/dns/ssl/other logs from Bro 18 Jan 2014
  • 17. Refrences  http://blog.securityonion.net/  http://www.bro.org  http://www.snort.org/  http://www.google.com 18 Jan 2014