Monday, June 20, 2022

SecurityOnion@Home - Alerts

It's been a bit of time with my SecurityOnion server monitoring my network (out-of-band), and I wanted to do an update on the types of alerts that I am seeing, and at least try to identify what some of them might be.

Below is a screenshot of some of the alerts. I also noticed that I am having issues pivoting to PCAP inside SecurityOnion right now; not sure if it is something I possibly did, or just something with the .130 update (I have not done PCAP since the upgrade).


1. GPL WEB_SERVER: This looks like my Lenovo Smart Hub is trying to talk to something else on my network (which is currently not on, since I use DHCP; I might switch them all to static for better tracking). But it looks like it is trying to talk to these other devices about YouTube.

2. I pay for Spotify for the family, so I'm not really going to delve too deep into this one.

3. The next 2x are Discord, which I know is in use also.

4. .cloud - Family is mostly Apple, and on a quick look they are all the Apple devices.

5. Microsoft Update - Validated

6. ET-DNS as Non-Compliant DNS traffic - Well, this is my new cell phone; unsure what it is doing.

7. DNS Query TOR Hidden (.onion) - Also my cell phone.

***Cell phone is Samsung 22 Ultra (Unlocked) on T-Mobile. I will have to do some more research on these two to see what the phone is doing.
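One way to tie alerts like the .onion and Non-Compliant DNS ones back to a specific device, as an added example that is not from this post or from Security Onion itself: a small Python script that reads Suricata EVE JSON (the alert and dns records Security Onion ingests), counts alert signatures per source IP, and lists any .onion names queried per host. The sample lines, IP addresses and signature text below are constructed for illustration and are not real rule names.

```python
import json
from collections import Counter, defaultdict

# Constructed sample of Suricata EVE JSON lines; IPs and signature text are made up.
SAMPLE_EVE = """
{"event_type":"alert","src_ip":"192.168.1.50","dest_ip":"192.168.1.20","alert":{"signature":"GPL WEB_SERVER sample signature","category":"Web Application Attack"}}
{"event_type":"dns","src_ip":"192.168.1.77","dest_ip":"192.168.1.1","dns":{"type":"query","rrname":"exampleabcdefghijkl.onion","rrtype":"A"}}
{"event_type":"alert","src_ip":"192.168.1.77","dest_ip":"192.168.1.1","alert":{"signature":"ET DNS Query to a .onion TOR hidden domain (sample)","category":"Potentially Bad Traffic"}}
{"event_type":"alert","src_ip":"192.168.1.77","dest_ip":"8.8.8.8","alert":{"signature":"ET DNS Non-Compliant DNS traffic (sample)","category":"Potentially Bad Traffic"}}
{"event_type":"dns","src_ip":"192.168.1.50","dest_ip":"192.168.1.1","dns":{"type":"query","rrname":"www.youtube.com","rrtype":"A"}}
{"event_type":"alert","src_ip":"192.168.1.50","dest_ip":"192.168.1.21","alert":{"signature":"GPL WEB_SERVER sample signature","category":"Web Application Attack"}}
"""

def parse_eve(text):
    """Yield one dict per non-empty EVE line, skipping lines that are not valid JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or garbled lines rather than abort the whole run

def alerts_by_host(events):
    """Count alert signatures per source IP: {src_ip: {signature: count}}."""
    summary = defaultdict(Counter)
    for ev in events:
        if ev.get("event_type") == "alert":
            sig = ev.get("alert", {}).get("signature", "?")
            summary[ev.get("src_ip", "?")][sig] += 1
    return {ip: dict(c) for ip, c in summary.items()}

def onion_queries(events):
    """Return {src_ip: sorted .onion names} seen in EVE dns query records."""
    found = defaultdict(set)
    for ev in events:
        dns = ev.get("dns", {})
        name = dns.get("rrname", "").lower().rstrip(".")
        if ev.get("event_type") == "dns" and dns.get("type") == "query" and name.endswith(".onion"):
            found[ev.get("src_ip", "?")].add(name)
    return {ip: sorted(names) for ip, names in found.items()}

def triage(text):
    """Parse EVE text once and return (alerts per host, .onion queries per host)."""
    events = list(parse_eve(text))
    return alerts_by_host(events), onion_queries(events)

if __name__ == "__main__":
    by_host, onion = triage(SAMPLE_EVE)
    print("alerts per host:", by_host)
    print(".onion queries per host:", onion)
```

With DHCP in use, the src_ip grouping only identifies a device for as long as its lease lasts, which is the reason static addresses (or a DHCP lease log) make this kind of tracking easier.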
