All right, so there are a handful of commands and configuration files that I've grown accustomed to while managing a Security Onion deployment that may be useful to you, so I'll touch on them really quick.
The first is sguil-db-purge. If you're having trouble getting Sguil to load for you, there may be an issue with the database.
The issues may be caused by too many uncategorized alerts in Sguil, too much data, corrupt database tables, et cetera.
Running this command will clean up old Sguil alerts, remove uncategorized alerts until it meets your set threshold, and will fix issues with your database. It also restarts the Sguil service.
Something to try if you're having issues getting IDS alerts to load.
The next two, so-elastic-configure-kibana-dashboards and so-elastic-configure-kibana, are two that I've had to use recently.
Now, I've noticed that sometimes on fresh installs of Security Onion, when I go to Kibana,
there will be an error regarding missing index configuration.
Since I don't know how to properly configure that, nor do I care to dig deep into Kibana most of the time to try to fix it, I searched the Google group and found these two commands. The first will reload the dashboards, and the second will reconfigure Kibana.
Now, if you run into this issue, try the first one to see if it fixes it. And if not, try the second.
The last thing to cover is around Kibana timeouts.
If you have a particularly busy network, you might run into issues where Kibana takes so long to load that it times out.
This timeout is typically around 30,000 milliseconds.
If you want to raise the number to give your dashboards more time to load, then edit /etc/kibana/kibana.yml and add elasticsearch.requestTimeout: 90000.
That's it. This lesson, and this course really, is not meant to be an exhaustive resource for Security Onion.
My goal has been to introduce you to the tool and to help you overcome some of the pitfalls that I've run into in using it.
To really understand the tool and everything that it can do, read the documentation.
If you have questions, search the Google group first and ask the question second. And if all else fails, go on Stack Overflow. One thing that I've learned while working with Security Onion is that none of my problems are unique to me. Someone else out there has had the same issue, and they've been able to solve it,
or they've been able to ask the question of other people, and they've been able to help them solve it. So don't be afraid to seek out the answers wherever you can.
Now, in this lesson we covered Salt, setting proxy settings on both the OS and in Docker, basic rule management, autocat rules in Squert and Sguil, and some other helpful commands and tips.
In our next lesson, we will review some of the other functionality that is built into Security Onion.
See you then. Cheers.