Hi, now after some other installations in my “lab” it is time to look at logging. I got really inspired by webinars from BlackHills, so a big shout out to them. They are doing great work to spread their knowledge to others!
And soon I WILL get my Backdoors & Breaches card game!
I do not know why, but I downloaded an old image of Security Onion, so I need to do this twice now. You learn from your mistakes, I have heard. And I am doing my labs at night, so that can be a factor also.
As far as the installation goes, Security Onion has made it soooooo easy. But as always, you need to learn the applications inside this great solution. RTFM is something that I will do this time. I really want to dig deep into this. Logging is important, but more important is that you understand what's inside these logs. So back to school after this. In a future post I will show you how to use it and not just how to install it.
I downloaded from:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
Next post I will be downloading from this site:
https://github.com/Security-Onion-Solutions/securityonion
We start with a picture as always:

When I created the Onion machine I added 2 network cards, whether they are on the same network or not. We need one management card and one sniffing card.

Then start the setup again after the reboot!

I did choose Production, because I wanted to know what I am installing.

You can have a distributed installation of Security Onion, but in my case I do not have that, so New it is.

We also need a user that has access to the applications on this server.

And a password… dahhh

I did not try Custom, so I do not know what that is. Best Practices seemed OK to me.

No subscriber here…

As the text says, choose the correct one.

Yes, we want to enable this so we can capture all the data on the wire.


I added two network cards; choose the second card that you have on the machine for the sniffing!

Start Page of Security Onion
https://onion/cyberchef/cyberchef.htm
https://onion/squert/
https://onion/app/kibana

Security Onion Cheat Sheet


Surf to the address: https://onion/app/kibana#

Kibana view

We can now see in a simple way what connections are going on.

View and categorize NIDS/HIDS alerts under Squert

That was the installation of the old version of Security Onion. See you next time with a newer installation guide for the latest and greatest Security Onion!
Spitting out content! Great work!