3 hours 10 minutes
All right, so now we will take a look at the tools that are accessible through our web browser. So when we ran the setup scripts on this instance, it gave us a couple of shortcuts on our desktop. We'll first start out with the README, which just sends us to localhost. It will take a moment to load. Home, right.

So we were able to access this directly from the virtual machine that we're in. But since we have this set to a bridged connection, we can actually access it through our web browser just on the network. For a demonstration, we have it right here. This is the IP address of the virtual machine, just https:// and the IP address, and it is the same screen that we have here.
So, the landing page. This is where we can go to find some interesting information. First of all, we have a short blurb about what Security Onion is. I think that we had this in the short introduction to Security Onion. Then we have some resources for online documentation; we'll cover the documentation side in our next video. And then information about how to install and configure it. It's pretty handy; we'll cover it in our next video as well.
Down here, we get into some of the tools that are installed. So CyberChef is a pretty handy tool to have around. If you look over here, we have everything that we can do with CyberChef. We have some of our favorites: To and From Base64, To and From Hex, Hex dump, URL Decode, Regex, Entropy, et cetera. If we want to do any hashing, if we wanted to hash something in MD4, MD5, TCP/IP checksum, we can do anything we want as far as hashing.

And here, let's do a little bit of playing around, see what we can do. Base64, drag it over here. Uh, my copy and paste isn't working. Apparently, I'm not able to. However, "hello world" in Base64 is this string right here. We copy that. Let's see if we can do From Base64. All right, so it goes back and forth. See if we can go From Hex.

Strictly speaking, this isn't a security tool, but this will definitely make your life easier when you're working on an investigation or if you're trying to write a rule or anything like that. There are a lot of attacks that I've seen come in where the attack itself is Base64 encoded. That is probably to try to hide itself from an IDS, but by decoding the Base64 you can see exactly what's coming in, and if you can see what's coming in then you know what they're trying to do with it.
All right. The next component is Squert, as you can see here, and it allows you to view and categorize NIDS and HIDS alerts. So since there is potentially sensitive information hiding behind this one, it requires a login.

All right, so right now we only have OSSEC alerts in here, since we have not thrown any network data at it. But you can see everything that OSSEC has triggered on. We have our timeline up here, various bits of data over here. Just out of the box, everything in Squert is uncategorized. One of the tuning things that you need to do when you are managing an enterprise deployment of Security Onion is just coming in here and categorizing all the alerts coming in. We will cover that in the tuning section, but it's good to know what's coming up.

Up here, we have our summary, a handy dandy world map, various views that we can look at: Sankey diagram, destination country. Since we haven't thrown any data at this, again, we won't really see too much.
All right. And the last component we'll take a look at is Kibana. So Kibana is the top of the Elastic stack, as we've talked about. It will automatically load into our dashboard here. We won't go over everything that is in here, but in Kibana there's just a lot to go over. Right now we only have our OSSEC alerts that are coming in. We only have our Security Onion sensor, mostly just because this is a standalone device. Once we start throwing data at this then, excuse me, data will be broken out by types by Bro.

So you see, right here we have Bro Hunting. These are all of the categories that Bro breaks out our traffic into by default: so connections, DCE/RPC, DHCP, et cetera, DNS, FTP, HTTP, software, SSH. Up here, we have our alert data, the NIDS, so network intrusion detection system. This is where all of our Snort alerts will be coming. We have HIDS. All right, not quite sure what's taking us there. Okay, it could not find that dashboard. All right, so our HIDS is our host intrusion detection system, which is OSSEC, and we come back to home. We can see all of those.

Once we start replaying traffic we'll really dig into how to use Kibana and Squert. Right now, it's just meant to be a high-level overview of everything that's been installed.
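The CyberChef walkthrough in the transcript above decodes Base64 and hex by hand to see what an encoded payload really carries. As an added example that is not part of the course transcript and not code from Security Onion or CyberChef, the Python script below does the same job over log lines: it finds Base64- and hex-looking tokens, peels nested encodings, and reports the entropy and an MD5 of what comes out, mirroring the From Base64, From Hex, Entropy and MD5 recipes mentioned in the video. The sample lines, the two regexes and the 0.9 printable-ratio threshold are constructed assumptions for illustration, not anything taken from the course.

```python
"""Tiny CyberChef-style decoder for hunting encoded payloads in log lines.

Added example, not part of the Security Onion course material or of
CyberChef. The regexes, thresholds and sample lines are constructed
assumptions chosen for illustration.
"""
import base64
import binascii
import hashlib
import math
import re
import string

# Assumed heuristics: 16+ base64-alphabet chars, or 8+ hex byte pairs.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2}){8,}")
PRINTABLE = set(string.printable.encode())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, up to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def from_base64(token: str):
    """Strict Base64 decode; None when the token is not valid Base64."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def from_hex(token: str):
    """Hex decode; None on odd length or non-hex characters."""
    try:
        return bytes.fromhex(token)
    except ValueError:
        return None


def looks_like_text(data: bytes) -> bool:
    """Accept a decoded layer only if it is mostly printable ASCII (assumed 90%)."""
    return bool(data) and sum(b in PRINTABLE for b in data) / len(data) >= 0.9


def peel(data: bytes, max_depth: int = 4) -> list:
    """Strip hex/Base64 layers repeatedly. Returns [(encoding, decoded_bytes), ...]."""
    layers, current = [], data
    for _ in range(max_depth):
        text = current.decode("ascii", errors="ignore").strip()
        decoded = None
        for name, fn in (("hex", from_hex), ("base64", from_base64)):
            candidate = fn(text)
            if candidate is not None and looks_like_text(candidate):
                decoded = (name, candidate)
                break
        if decoded is None:
            break
        layers.append(decoded)
        current = decoded[1]
    return layers


def scan_line(line: str) -> list:
    """Find encoded tokens in one log line and report what they decode to."""
    findings, seen = [], set()
    for regex in (HEX_RE, B64_RE):
        for m in regex.finditer(line):
            token = m.group(0)
            if token in seen:
                continue
            seen.add(token)
            layers = peel(token.encode())
            if layers:
                final = layers[-1][1]
                findings.append({
                    "token": token,
                    "chain": [name for name, _ in layers],   # encodings peeled, outermost first
                    "decoded": final,
                    "entropy": round(shannon_entropy(token.encode()), 2),
                    "md5": hashlib.md5(final).hexdigest(),
                })
    return findings


# Constructed sample lines (not real traffic).
SAMPLE_LINES = [
    # Base64-encoded directory traversal in a URL parameter
    "GET /index.php?page=Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1",
    # hex-encoded shell command in a request body
    "POST /cgi-bin/ping.sh cmd=69643b756e616d65202d61",
    # two layers: hex wrapping Base64
    "GET /api?x=6432687659573170 HTTP/1.1",
    # benign line with nothing encoded
    "GET /static/app.js HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        for f in scan_line(line):
            print(f"{f['chain']} -> {f['decoded']!r}  entropy={f['entropy']}  md5={f['md5']}")
```

Hex is tried before Base64 on each layer because every hex string is also syntactically valid Base64, and the printable-text check is what stops the loop on the real payload rather than decoding it one step too far.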