Describing Systems – Architecture Documentation

Note: This article is a copy of one I have written for the compliance.engineering site. Check it out!

The organizational dilemma of understanding systems

Every day decisions are made, from the low-risk decision on how you would like your coffee or tea, to high-risk decisions on organizational strategy or accepting the implications stemming from proposed …

Ingesting External Logs via Security Onion’s Elasticsearch

So, you’ve got Security Onion (SO) running from the Security-Appliance-in-a-Box via Ansible. Now what? How do you begin to ingest logs from your other devices into the included Elastic instance? I’m glad you asked! There are a couple of steps you’ll need to follow.

Allow Access

First, you’re going to need to open the firewall to allow …