Finally doing some upgrades to my SO VM at the house, not going 100% to the newest (though I do have a copy of Hybrid Hunter that I spin up just to check it out). I like to have a few different versions of SecurityOnion running in VMs so I can see what has changed/improved over time.
Working with SecurityOnion almost daily I like to also have a copy of what I work with so I can test new things, or try pulling in different types of data.
I went with a pretty standard install, switched from Snort to Suricata, but I left out Salt (I need to do some more research on that part and see if it's needed in a single-master install, considering Sosetup pretty much builds the system for you).
I have also updated my Splunk install (7.3.1); I used a recent version I had and didn't realize they were already up to 8.0. I added the Splunk forwarder on the SO server. Things look good in both Kibana and Splunk now.
It's nice to have the ability to look at the traffic through my house in both Kibana and Splunk, but to be fair I need to learn how to do searches better in Kibana than in Splunk. I'm not saying I am great at Splunk, but I do find it easier for creating lookup tables and general search strings.
Now to figure out the most common issues that go along with Security Onion 16 that are different than what was common in 14.