Hey, folks, welcome to Lesson 6 of Intro to Security Onion. I'm your instructor, Carl, and in this lesson we will review some of the resources that are available to help you with Security Onion.
So for the agenda, first we'll take a look at the documentation page, followed by a look at the Security Onion forum, and then we'll finish up by looking over the Security Onion cheat sheet.
All right, let's get started. So in this slide, here we have our three resources that we're going to take a look at: we have our documentation site, our Google Group, and our cheat sheet.
So the documentation site, it's securityonion.readthedocs.io. Then our Google Group, that's just groups.google.com/forum, Security Onion forum.
Then we have our cheat sheet. The reference here is to the cheat sheet that is on the Security Onion documentation site. You can also get to the cheat sheet from the home page of your Security Onion installation.
So I already have it pulled up here in my
So pretty much anything you could want to know about Security Onion can be found here.
So just on our home page, we have a table of contents: we have About, Introduction, Getting Started, Analyst Tools, Network Visibility, Host Visibility, Elastic Stack, Updating, Accounts, et cetera, et cetera, et cetera.
So if you want to do an installation on your own and you want to read documentation on it, just for example, you can come in here to Getting Started, go to Installation.
We have information about doing a quick evaluation, which is what our standalone server is, or if we want to do a production deployment, we can come in here and read through everything that you need to know about that: hardware requirements, where to download and verify your Security Onion ISO image, how to architect your distributed deployment, then installing everything.
All the documentation in here is pretty detailed, and I really do appreciate this. There are some open source tools that I have worked on where the documentation hasn't been as good, and there's been a lot of reading on Stack Overflow, Stack Exchange, websites like that, just trying to get things to work. I really appreciate the documentation page for that reason.
We obviously can't go over everything that's in here; this is just a high-level overview. As with most everything else, I recommend that you come in here and read it all over, especially if you're doing a production deployment, to become well versed in the tool.
All right, the next thing to look at is our Security Onion Google Group. This is the forum and the mailing list, and here is where people come and ask questions if they found that something is broken in their environment and they don't know how to fix it, or if they're running into any kind of issues installing it. This is where they come and ask questions, and a lot of the Security Onion team come in here and they'll help people work through their issues. It's pretty helpful.
I've noticed that any time that I've broken something, somebody has broken it on their instance before I have, and they've come in here and asked questions on how to fix it, and so I can come and take a look and see what the resolution was.
So if you ever have a specific issue that you're trying to work through.
Let's say that our Sguil database is broken. All right, let's see what we get here.
So here's some people who are rebuilding their database on a server, and a person who thinks they broke their database on an upgrade. This forum has been around for quite some time, so there are issues going back, in this case, to 2012. So that was seven years ago, if basic math serves me.
In this case, it looks like they tried to install three times and it's just not working for them. And one of the first questions that the Security Onion people will ask you is for sostat-redacted. Looks like they attached that here, so the nice people over at Security Onion can take a look. Wes is one of the people over at Security Onion, and he frequently comes on here and helps people out.
I definitely recommend coming in here and looking through the forums, looking through the mailing list, and seeing if somebody else has the same issue that you do. And if they do, then see what the resolution was and see if it works for you.