All right. Now, let's have a quick overview of the Security Onion cheat sheet. The Security Onion cheat sheet is put out by the Security Onion team, and it is a sheet full of file locations, configuration locations, common tasks, and things like that. So in your day-to-day activities using Security Onion, it can be pretty helpful if you forget a particular command, or if you just want to know where your logs are stored, it will help you find that too.

So let's take a quick look over here. We will start on the left. We have our important files. So we have things like general settings, sensor settings, things like that. So if you ever want to know exactly how your Security Onion instance is set up, we have /etc/nsm/securityonion.conf, then sensor settings, Logstash config, things like that.

Now over to log files. So we have the Bro log, ElastAlert, Elasticsearch, things like that. So, for example, if you're ever troubleshooting a Kibana issue, you go to /var/log/kibana/kibana.log, look in there, and see if it's telling you what's broken. And if you want to do any performance tuning, we have these file locations here for processes.

We have all of our rule management and rule locations here. So if you ever want to work on your IDS rules, you go to /etc/nsm/rules/downloaded.rules. If you ever want to just look at what rules you have installed, you can cat this file and grep for whatever you're looking for. We can move on to packet filtering if you need to do any tuning for that.

Now, if you ever want to do a more granular query on your full packet captures, you can do that in this file location here, /nsm/sensor_data/<hostname>-<interface>/dailylogs. You can search through multiple using Snort. That could be pretty helpful if you're looking for something specific but you can't really find it through the dashboard.

Then we have our common tasks. We've already looked at sostat down here. Then we have, if you ever need to restart your services, so-stat; if you ever need to add a user, so-user-add.

Going down, here we have some of our Salt commands. Now, we haven't talked about Salt yet, but Salt is used to manage your enterprise, or manage the servers in your environment. So, for example, if you ever want to update all of your sensors at the same time, you can do soup, and then salt '*' cmd.run 'soup -y', and that will update your manager and then update everything in your environment. That way, if you have, for example, 50 servers in your Security Onion build, you don't have to remote into each one of those and run soup. You can just run it once and it'll take care of it for you. It's pretty handy.

And then a couple of common ports, protocols, and services that are running. And then, of course, our support: so the Reddit page, wiki page, blog, and then a link to Security Onion Solutions.

So once we start working more with the tool, we'll reference the Security Onion cheat sheet a bit more. This is just going to be a high-level overview of it to get started.

In this lesson, we did a quick review of the documentation page, the Google group, and the Security Onion cheat sheet. Now, in our next lesson, we will show you how to replay traffic on a standalone server and do some basic analysis with Security Onion. See you then. Cheers.