5.3 Security Onion Web Browser Tools

00:01

All right, so now we will take a look at the tools that are accessible through our Web browser.

00:08

So when we ran the setup scripts on this instance,

00:13

it's gave us a couple of shortcuts on our desktop.

00:19

Well, first, start out with the read me, which just sends us to local host.

00:27

It will take a moment. It'll node

00:35

home, right. So

00:38

So we were able to access this directly from the virtual machine that we're in.

00:45

But since we have this set to abridge connection, we can actually access it through our

00:51

Web browser just on the network

00:54

for a demonstration. We have it right here.

00:57

This is the I. P address of the virtual machine, just https Coghlan's Last Flash I P address. And it is the same screen that we have here.

01:11

So, landing page, this is where we can go to find some interesting information.

01:17

So,

01:19

first of all, we have ah, short blurb about what security onion is. Think that we had this in the shower

01:26

introduction to security onion,

01:29

Then we have some Resource is for online documentation, will cover document the documentation side in our next video,

01:37

and then information about how to install. Configure. Yeah,

01:42

too true.

01:42

Geechee. It's pretty handy will cover it at in our next video as well.

01:48

Down here, we get into some of the tools that air installed.

01:51

So Cyber chef is Ah,

01:53

pretty handy tool to have around.

01:59

If you look over here, we have

02:01

everything that we can do with Cyber Chef.

02:05

We have some of our favorites. So to and from base 64 to 1 from Hex

02:10

Hex dump. You are Ella Decode, Reg. Ex entropy, etcetera.

02:16

If we want to

02:21

do any hashing if we wanted to

02:25

Has something in MD four, maybe five

02:32

TCP I p check some. We can do anything we want as faras hashing. And here,

02:39

let's do ah, little bit of

02:43

playing around. See what we can do

02:46

We grab

02:47

base 64 dragon over here.

02:58

Uh, my copy and paste isn't war.

03:09

Apparently, I'm not able Thio

03:14

share my

03:17

However, it's a hello world in base 64.

03:23

Is this string right here?

03:27

We copy that. Let's see if we can do from base 64.

03:36

All right, so it goes back and forth,

03:39

See if we can

03:43

go from Hex,

03:50

right?

03:52

So

03:53

strictly speaking. This isn't a security tool, but this will definitely make your

04:00

life easier when you're working on

04:04

on investigation or if you're trying to write a rule or anything like that,

04:10

there are a lot of attacks that I've seen come in. Where the attack itself is based, 64 encoded.

04:16

That is probably true to try to hide itself from a 90 s.

04:20

Oh,

04:23

but by decoding the basics before you can

04:27

see exactly what's coming in, if you can see what's coming in than you

04:30

no, what they're trying to do with it.

04:34

All right, The next component is squirt,

04:39

so

04:40

to concede here, and it allows you to view and categorize meds and heads alerts.

04:48

So since there is potentially sensitive information hiding behind this one, it

04:54

requires a log it.

05:03

All right, so this is the

05:06

squirt

05:09

dashboard

05:11

right now. We only have a West sec alerts in here, since we have not thrown any

05:16

network data at it.

05:18

But you can see

05:20

everything that a West sect has triggered on.

05:25

We have our time line up here,

05:29

and then

05:30

various bits of data over here,

05:33

just out of the box. Everything in squirt is uncanny arised,

05:39

One of the

05:43

tuning things that you need to do when you are managing an enterprise. Deployment of security onion is is just coming in here and

05:51

categorizing all the alerts coming in. We will cover that in the tuning section, but

05:59

it's good to know what's coming up

06:08

up here. We have our summary.

06:12

Ah, handy dandy world map.

06:16

Various views that we can

06:18

love. Cats san key diagram. Destination country.

06:24

Since we haven't thrown any they did at this again, we won't really see too much.

06:39

All right. And the last component will take a look at his cabana.

06:48

So Obama is the top of the elastic stack, as we've talked about,

06:55

it will automatically load in tow our dashboard here.

07:03

We won't go over everything that is in here. But,

07:08

Gabbana, there's just a lot to go over

07:12

right now. We only have our West second

07:16

alerts. That air coming in. We only have our

07:20

security onion cyber ery device, mostly just because this is ah standalone device. Once we start throwing data at this than

07:30

the cuse me, data will be broken out by tykes by bro.

07:38

So you see, right here we have bro hunting.

07:41

These are all of the categories. That, bro, breaks out our traffic into by default.

07:46

So connections. D c e r r p c D h cp etcetera.

07:53

D n s f f t p Http software Sshh.

08:00

Then

08:01

up here. We have our alerts. Data,

08:03

the needs. So network intrusion detection system. This is where all of our snort alerts will be coming.

08:13

Now

08:18

we have heads,

08:22

all right. Quite sure what's taking us there?

08:26

Okay. Couldn't it could not find that dashboard.

08:33

All right, So our kids are our host intrusion detection

08:37

system, which is a west sack,

08:39

and we come back to home. We can see all of those.

08:46

Once we start replaying traffic will really dig into how to use