5.3 Security Onion Web Browser Tools


Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:01
All right, so now we will take a look at the tools that are accessible through our Web browser.
00:08
So when we ran the setup scripts on this instance,
00:13
it gave us a couple of shortcuts on our desktop.
00:19
Well, first, we'll start out with the README, which just sends us to localhost.
00:27
It will take a moment. It'll load.
00:35
Home, right. So
00:38
So we were able to access this directly from the virtual machine that we're in.
00:45
But since we have this set to a bridged connection, we can actually access it through our
00:51
Web browser just on the network
00:54
for a demonstration. We have it right here.
00:57
This is the IP address of the virtual machine, just https:// and the IP address. And it is the same screen that we have here.
01:11
So, landing page, this is where we can go to find some interesting information.
01:17
So,
01:19
first of all, we have a short blurb about what Security Onion is. I think that we had this in our
01:26
introduction to Security Onion.
01:29
Then we have some resources for online documentation; we'll cover the documentation side in our next video,
01:37
and then information about how to install, configure. Yeah,
01:42
the cheat sheet.
01:42
It's pretty handy; we'll cover it in our next video as well.
01:48
Down here, we get into some of the tools that are installed.
01:51
So CyberChef is a
01:53
pretty handy tool to have around.
01:59
If you look over here, we have
02:01
everything that we can do with CyberChef.
02:05
We have some of our favorites, so to and from base64, to and from hex,
02:10
hex dump, URL decode, regex, entropy, etcetera.
02:16
If we want to
02:21
do any hashing, if we wanted to
02:25
hash something in MD4, MD5,
02:32
TCP/IP checksum. We can do anything we want as far as hashing. And here,
02:39
let's do a little bit of
02:43
playing around. See what we can do.
02:46
We grab
02:47
base64, drag it over here.
02:58
Uh, my copy and paste isn't working.
03:09
Apparently, I'm not able to
03:14
share my
03:17
However, it's a hello world in base64.
03:23
It's this string right here.
03:27
We copy that. Let's see if we can do from base64.
03:36
All right, so it goes back and forth,
03:39
See if we can
03:43
go from Hex,
03:50
right?
03:52
So
03:53
Strictly speaking, this isn't a security tool, but this will definitely make your
04:00
life easier when you're working on
04:04
an investigation or if you're trying to write a rule or anything like that.
04:10
There are a lot of attacks that I've seen come in where the attack itself is base64 encoded.
04:16
That is probably to try to hide itself from an IDS.
04:20
Oh,
04:23
but by decoding the base64 you can
04:27
see exactly what's coming in, and if you can see what's coming in then you
04:30
know what they're trying to do with it.
04:34
All right, the next component is Squert,
04:39
so
04:40
as you can see here, it allows you to view and categorize NIDS and HIDS alerts.
04:48
So since there is potentially sensitive information hiding behind this one, it
04:54
requires a login.
05:03
All right, so this is the
05:06
Squert
05:09
dashboard.
05:11
Right now, we only have OSSEC alerts in here, since we have not thrown any
05:16
network data at it.
05:18
But you can see
05:20
everything that OSSEC has triggered on.
05:25
We have our time line up here,
05:29
and then
05:30
various bits of data over here,
05:33
Just out of the box, everything in Squert is uncategorized.
05:39
One of the
05:43
tuning things that you need to do when you are managing an enterprise deployment of Security Onion is just coming in here and
05:51
categorizing all the alerts coming in. We will cover that in the tuning section, but
05:59
it's good to know what's coming up.
06:08
Up here, we have our summary.
06:12
A handy dandy world map.
06:16
Various views that we can
06:18
look at: Sankey diagram, destination country.
06:24
Since we haven't thrown any data at this, again, we won't really see too much.
06:39
All right. And the last component we'll take a look at is Kibana.
06:48
So Kibana is the top of the Elastic Stack, as we've talked about;
06:55
it will automatically load into our dashboard here.
07:03
We won't go over everything that is in here. But,
07:08
Kibana, there's just a lot to go over.
07:12
Right now, we only have our OSSEC
07:16
alerts that are coming in. We only have our
07:20
Security Onion Cybrary device, mostly just because this is a standalone device. Once we start throwing data at this, then
07:30
the, excuse me, data will be broken out by types by Bro.
07:38
So you see, right here we have Bro hunting.
07:41
These are all of the categories that Bro breaks out our traffic into by default.
07:46
So connections, DCE/RPC, DHCP, etcetera.
07:53
DNS, FTP, HTTP, software, SSH.
08:00
Then
08:01
up here, we have our alerts data,
08:03
the NIDS, so network intrusion detection system. This is where all of our Snort alerts will be coming.
08:13
Now
08:18
we have HIDS,
08:22
all right. Not quite sure what's taking us there.
08:26
Okay. It could not find that dashboard.
08:33
All right, so our HIDS are our host intrusion detection
08:37
system, which is OSSEC,
08:39
and we come back to home. We can see all of those.
08:46
Once we start replaying traffic, we'll really dig into how to use
08:52
Kibana and Squert. Right now, it's just meant to be a high-level overview of everything that's been installed.