Not sure what you're asking. Security Onion includes the Elastic stack and Kibana. You can use Kibana or our own web interfaces (Alerts and Hunt) to detect these kinds of attacks. If you have further questions or problems, please start a new discussion at securityonion.net/discuss. Thanks!
I notice that they are all set to draft by default. Would it be a bad idea to turn most of them on? How big of an impact would that have on the server?
From docs.securityonion.net/en/2.3/playbook.html#putting-a-play-into-production: "Performance testing is still ongoing. We recommend avoiding the Malicious Nishang PowerShell Commandlets play as it can cause serious performance problems. You may also want to avoid others with a status of experimental." If you have further questions or problems, please start a new discussion at securityonion.net/discuss. Thanks!
Great video. The playbook tool is very powerful and allows for unlimited customization. Thanks for this video!
Thanks, glad you like it!
This was an awesome way to understand detection engineering. I'm going to use and implement those 4 steps myself.
Thanks, glad you like it!
Can I write this for a data source of netflow? Being that netflow is not processed by Suricata, etc.
If you have questions or problems, please start a new discussion at securityonion.net/discuss
Do you cover ELK Kibana SIEM to detect different network attacks, lateral movement, ransomware attacks, phishing attacks, incident response, etc.?
Very good.
Thanks!