Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:01
All right, so now we will take a look at the tools that are accessible through our Web browser.
00:08
So when we ran the setup scripts on this instance,
00:13
it gave us a couple of shortcuts on our desktop.
00:19
Well, first, start out with the README, which just sends us to localhost.
00:27
It will take a moment. It'll load.
00:35
Home, right. So
00:38
So we were able to access this directly from the virtual machine that we're in.
00:45
But since we have this set to a bridged connection, we can actually access it through our
00:51
Web browser just on the network
00:54
for a demonstration. We have it right here.
00:57
This is the IP address of the virtual machine, just https:// and the IP address. And it is the same screen that we have here.
01:11
So, landing page, this is where we can go to find some interesting information.
01:17
So,
01:19
first of all, we have a short blurb about what Security Onion is. I think that we had this in our
01:26
introduction to Security Onion.
01:29
Then we have some resources for online documentation. We'll cover the documentation side in our next video,
01:37
and then information about how to install, configure. Yeah,
01:42
too true.
01:42
Cheat sheet. It's pretty handy. We'll cover it in our next video as well.
01:48
Down here, we get into some of the tools that are installed.
01:51
So CyberChef is a
01:53
pretty handy tool to have around.
01:59
If you look over here, we have
02:01
everything that we can do with CyberChef.
02:05
We have some of our favorites. So to and from Base64, to and from hex,
02:10
hex dump, URL decode, regex, entropy, etcetera.
02:16
If we want to
02:21
do any hashing, if we wanted to
02:25
hash something in MD4, MD5,
02:32
TCP/IP checksum. We can do anything we want as far as hashing. And here,
02:39
let's do a little bit of
02:43
playing around. See what we can do
02:46
We grab
02:47
Base64, drag it over here.
02:58
Uh, my copy and paste isn't working.
03:09
Apparently, I'm not able to
03:14
share my
03:17
However, it's a "hello world" in Base64.
03:23
Is this string right here?
03:27
We copy that. Let's see if we can do "From Base64".
03:36
All right, so it goes back and forth,
03:39
See if we can
03:43
go from hex,
03:50
right?
03:52
So
03:53
strictly speaking, this isn't a security tool, but this will definitely make your
04:00
life easier when you're working on
04:04
an investigation or if you're trying to write a rule or anything like that.
04:10
There are a lot of attacks that I've seen come in where the attack itself is Base64 encoded.
04:16
That is probably to try to hide itself from an IDS.
04:20
Oh,
04:23
but by decoding the Base64 before, you can
04:27
see exactly what's coming in, and if you can see what's coming in, then you
04:30
know what they're trying to do with it.
04:34
All right, the next component is Squert,
04:39
so
04:40
as you can see here, it allows you to view and categorize NIDS and HIDS alerts.
04:48
So since there is potentially sensitive information hiding behind this one, it
04:54
requires a login.
05:03
All right, so this is the
05:06
Squert
05:09
dashboard.
05:11
Right now, we only have OSSEC alerts in here, since we have not thrown any
05:16
network data at it.
05:18
But you can see
05:20
everything that OSSEC has triggered on.
05:25
We have our time line up here,
05:29
and then
05:30
various bits of data over here,
05:33
just out of the box. Everything in Squert is uncategorized.
05:39
One of the
05:43
tuning things that you need to do when you are managing an enterprise deployment of Security Onion is just coming in here and
05:51
categorizing all the alerts coming in. We will cover that in the tuning section, but
05:59
it's good to know what's coming up.
06:08
up here. We have our summary.
06:12
A handy-dandy world map.
06:16
Various views that we can
06:18
look at: Sankey diagram, destination country.
06:24
Since we haven't thrown any data at this again, we won't really see too much.
06:39
All right. And the last component we'll take a look at is Kibana.
06:48
So Kibana is the top of the Elastic Stack, as we've talked about.
06:55
It will automatically load into our dashboard here.
07:03
We won't go over everything that is in here. But,
07:08
Kibana, there's just a lot to go over.
07:12
Right now, we only have our OSSEC
07:16
alerts that are coming in. We only have our
07:20
Security Onion server device, mostly just because this is a standalone device. Once we start throwing data at this, then
07:30
the, excuse me, data will be broken out by types by Bro.
07:38
So you see, right here we have Bro Hunting.
07:41
These are all of the categories that Bro breaks out our traffic into by default.
07:46
So connections, DCE-RPC, DHCP, etcetera,
07:53
DNS, FTP, HTTP, software, SSH.
08:00
Then
08:01
up here, we have our alerts data,
08:03
the NIDS. So network intrusion detection system. This is where all of our Snort alerts will be coming.
08:13
Now
08:18
we have HIDS,
08:22
All right. Quite sure what's taking us there?
08:26
Okay. It could not find that dashboard.
08:33
All right, so our HIDS is our host intrusion detection
08:37
system, which is OSSEC,
08:39
and we come back to home. We can see all of those.
08:46
Once we start replaying traffic, we'll really dig into how to use
08:52
Kibana and Squert. Right now, it's just meant to be a high-level overview of everything that's been installed.

Up Next

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor