6.2 Resources Part 2

00:00

All right. Now, let's have a quick overview of the security onion cheat sheet. Now the security onion cheat sheet is put out by the security onion team, and it is a sheet full of

00:12

helpful

00:14

file locations, configuration locations, common tasks

00:18

and things like that. So in your day to day activities, using security onion, it can be pretty helpful if you forget a particular command. Or if you just want to know where

00:30

your logs they're stored, it will help you find that, too.

00:34

So let's take a quick look

00:37

over here. Will will start on the left. We have our important files. So we have things like general setting, sensor setting things like that. So if you ever want to know how, exactly how your security onion instances set up, we have our etc. And sm security onion dot com.

00:53

Then sensing settings, log stash config, things like that

00:58

Now over log files.

01:00

So we have prologue. The last alert.

01:03

Ah,

01:06

elastic search things like that. So, for example, if you're ever trouble shooting a cabana issue, you go Varla Gabbana Gabbana log, look for their and

01:15

see if it's telling you what's broken

01:19

and if you want to do any performance tuning. We have thes file locations here processes.

01:26

Then

01:27

we have all of our rule management on rule locations here. So if you ever want to work on your I. D. S rules, you go to etc n sm rules, downloaded rules

01:42

And just

01:42

if you ever want to just look at what rules you have installed, you can catch this file and grip whatever you're looking for,

01:51

we can move on packet filtering if you need to do any tuning for that

01:57

data.

01:59

Now, if you ever want to do a,

02:00

uh,

02:02

I'm more granular Query on your fullback captures you conduce that in this file location here an SM sensor data host name interface, daily logs You can search through multiple

02:15

directories

02:17

using snort. That could be pretty helpful if you're looking for something specific, but you

02:23

can't really find it

02:25

through the dashboard.

02:29

Then we have our common tasks. We've already looked at

02:32

ah s O stat down here,

02:36

then we have if you ever need to restart your service is as so stat we ever need toe. Add a user eso user ad

02:45

going down and here we have some of our salt commands. Now. We haven't talked about salt yet, but salt is used to

02:53

how manage your enterprise were manager servers in your environment.

02:58

So, for example, if you ever want to update all of your sensors at the same time, you can do soup and end salt star see MD dot run soup, dash Y

03:09

and that will update your manager and then update everything in your environment. That way, if you have, for example, 50 servers in your security onion build, you don't have to promote into each one of those and run soup. You can just run it one cent. It'll take care of it for you. It's it's pretty handy.

03:28

And then a couple of common ports protocol service Is that air running?

03:32

And then, of course, our support. So read it Paige Wiki Page Blawg and then linked to security Onion Solutions.

03:45

So what once we

03:46

start working more with the tool will

03:50

reference the security young and cheat cheat a bit more. This is just going to be a high level of overview to it just started on it.

03:59

In this lesson, we did a quick review of the documentation page. The Google group and the security onion cheat sheet. Now, in our next lesson, we will show you how to replay traffic on a standalone server and do some basic analysis with security union.