Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
All right. Now, let's have a quick overview of the Security Onion cheat sheet. Now, the Security Onion cheat sheet is put out by the Security Onion team, and it is a sheet full of helpful file locations, configuration locations, common tasks, and things like that. So in your day-to-day activities using Security Onion, it can be pretty helpful if you forget a particular command, or if you just want to know where your logs are stored; it will help you find that, too.

00:34
So let's take a quick look over here. We'll start on the left. We have our important files. So we have things like general settings, sensor settings, things like that. So if you ever want to know exactly how your Security Onion instance is set up, we have our /etc/nsm/securityonion.conf. Then sensor settings, Logstash config, things like that.

00:58
Now, over to log files. So we have Bro logs, alerts, Elasticsearch, things like that. So, for example, if you're ever troubleshooting a Kibana issue, you go to /var/log/kibana/kibana.log, look in there, and see if it's telling you what's broken. And if you want to do any performance tuning, we have these file locations here: processes.

01:27
Then we have all of our rule management and rule locations here. So if you ever want to work on your IDS rules, you go to /etc/nsm/rules/downloaded.rules. And if you ever want to just look at what rules you have installed, you can cat this file and grep for whatever you're looking for. We can move on to packet filtering, if you need to do any tuning for that data.

01:59
Now, if you ever want to do a more granular query on your full packet captures, you can do that in this file location here, /nsm/sensor_data/<hostname>-<interface>/dailylogs. You can search through multiple directories using snort. That could be pretty helpful if you're looking for something specific but you can't really find it through the dashboard.

02:29
Then we have our common tasks. We've already looked at so-stat down here. Then we have, if you ever need to restart your services, so-restart; if we ever need to add a user, so-user-add.

02:45
Going down, here we have some of our Salt commands. Now, we haven't talked about Salt yet, but Salt is used to manage your enterprise, or manage the servers in your environment. So, for example, if you ever want to update all of your sensors at the same time, you can do soup && salt '*' cmd.run 'soup -y', and that will update your manager and then update everything in your environment. That way, if you have, for example, 50 servers in your Security Onion build, you don't have to remote into each one of those and run soup. You can just run it once, and it'll take care of it for you. It's pretty handy.

03:28
And then a couple of common ports, protocols, and services that are running. And then, of course, our support. So the Reddit page, wiki page, blog, and then a link to Security Onion Solutions.

03:45
So once we start working more with the tool, we'll reference the Security Onion cheat sheet a bit more. This is just going to be a high-level overview of it to get started.

03:59
In this lesson, we did a quick review of the documentation page, the Google group, and the Security Onion cheat sheet. Now, in our next lesson, we will show you how to replay traffic on a standalone server and do some basic analysis with Security Onion.

04:13
See you then. Cheers.

Up Next

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor