Build your Detection Lab with Security Onion

  • Published 4 Nov 2024

COMMENTS • 58

  • @HackeXPlorer
    @HackeXPlorer 4 years ago +1

    Hi, please check the FTP attack and detection scenario using this lab setup.
    Watch here : ua-cam.com/video/THNxXOgYxmk/v-deo.html

  • @BFF-zb1qn
    @BFF-zb1qn 5 months ago

    Awesome concept

  • @neonipun
    @neonipun 4 years ago +3

    Looking forward to the other parts! I was searching for security onion related resources and was pleasantly surprised to find this for an exact setup I'm trying to build! Awesome 👍

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      Glad to be of help, thank you 👍

    • @Wasko2
      @Wasko2 4 years ago

      Was about to say the exact same thing :P

  • @shaunsolomon1496
    @shaunsolomon1496 3 years ago

    Awesome ! I am currently in the process of setting up a lab and wanted to learn about Security Onion. I am so glad to have found your video.

    • @HackeXPlorer
      @HackeXPlorer 3 years ago

      Thank you for the feedback. Also try the latest version of Security Onion, 2.3, but it requires a lot of hardware. 16 is good for a low-power device

  • @nitinmaurya6835
    @nitinmaurya6835 3 years ago

    Thanks Sir, I request you to please keep posting. I went through many YouTube video tutorials but I could not understand where and how to set up interfaces. I was stuck in the NAT and Host Only options and was not getting logs on Security Onion, but your video helped me to correct everything. Please keep making such videos.

    • @HackeXPlorer
      @HackeXPlorer 3 years ago

      I am glad it helped you Nitin, this was my goal. And yes, I want to make more interesting and informational videos like this in the future. Need the support of you guys 👍👍. Thanks

  • @cyb3rmeerk4t51
    @cyb3rmeerk4t51 4 years ago +1

    I just binge-watched ALL of your videos. You really explain things well. Thank you very much for sharing your knowledge with us. Hopefully we can see more of your Security Onion episodes and more real-life sample scenarios. I found out that your previous video was last year. Hopefully you can make your next video a little sooner and not in 2021 hehe. Thank you for creating such wonderful content. I learn a lot from your videos. Keep safe.

  • @zaneelali3237
    @zaneelali3237 1 year ago

    Great video thanks

  • @hillfordh816
    @hillfordh816 4 years ago

    This was exactly what I was looking for, thanks man! I'm building this to test out some MITRE ATT&CK techniques

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Thanks Henry, glad it helped you..

  • @shehzadarshad2000
    @shehzadarshad2000 2 years ago

    Hi dude, you did a really good job. I have made some good videos regarding Security Onion and Kali Linux penetration testing

  • @javedanwar1122
    @javedanwar1122 4 years ago

    This is good stuff to learn keep it up bro.....waiting for more parts.....Thanks

  • @seb1190
    @seb1190 2 years ago

    Thanks a lot for your great tutorial!

  • @mongmongthunmarma4155
    @mongmongthunmarma4155 4 years ago

    Very clear concept, awesome!
    Thank you so much

  • @gaderic
    @gaderic 3 years ago

    Thank ya

  • @oai9106
    @oai9106 4 years ago

    Thank you very much, good explanation. Please try to do more about analyzing traffic with some sample malware pcap file using Security Onion. Cheers Bro

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      As soon as possible, OAI. Thank you

  • @siamshawkat3339
    @siamshawkat3339 4 years ago

    Awesome tutorial!!! Thanks sir.

  • @priyankaravi470
    @priyankaravi470 4 years ago

    Hello! This video was very informative! Can you run attacks on microservices which are running using Kubernetes and Kibana? Any ideas on how to do this?

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Yes we can, the path is to use ELK SIEM. You might need to create your own use cases, since this is new
      konghq.com/blog/10-ways-microservices-create-new-security-challenges/

  • @alijasem2048
    @alijasem2048 1 year ago

    Can I use Onion to monitor other devices outside of MY NETWORK?

  • @javedanwar1122
    @javedanwar1122 4 years ago +1

    Hi, how can we put our NIC into promiscuous mode or monitor mode if we install Security Onion on a physical computer with two NICs? Let us know the command to do so.... Thanks

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      SO will automatically do it for you. In a physical setup you need to send the network data to the sniffing interface via a SPAN port or port mirroring
      www.blackhillsinfosec.com/webcast-how-to-build-a-home-lab/
      Hope the above helps

  • @rulofbaltwin3117
    @rulofbaltwin3117 4 years ago

    thanks bro this really helped me

  • @aliasgarrassiwala9113
    @aliasgarrassiwala9113 4 years ago

    Hey, the video was great. I have a question for you: I can see the traffic by doing the tcpdump, but when I am opening Sguil I can't see the traffic. Can you please help me with this?

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Aliasgar, first check if you can ping the VMs from each other. Second, you should have promiscuous mode enabled on the sniffing interface in the SO host

  • @siamshawkat3339
    @siamshawkat3339 4 years ago

    Looking for part 2 of this tutorial in more details and various attack analysis.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +2

      Sure why not, I have planned some scenarios. What type of attacks are you interested in?

    • @siamshawkat3339
      @siamshawkat3339 4 years ago

      Sir, if possible I would like to watch a demonstration on IP spoofing, DHCP snooping etc. Also detection and prevention mechanisms.
      Sir, do you have any social media account?

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      You can find me on FB and Twitter as HackExplorer

  • @ishapathak8958
    @ishapathak8958 4 years ago

    Hey, thanks for the video. It's really helpful, though I have an issue: when I run sudo so-status, it shows FAIL status for so-elasticsearch, so-logstash and so-kibana. Can you guide me through this? FYI, my VM settings for Security Onion are: 2 GB memory, 50 GB hard disk storage and 2 processors.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Isha, the main problem is your RAM, you need to allocate at least 8 GB of RAM for the VM.

    • @ishapathak8958
      @ishapathak8958 4 years ago

      @HackeXPlorer I tried but it did not work. Now even so-curator and so-elastalert show FAIL status.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Isha, your HW requirements match the minimum. Usually Elastic-related issues occur with low HW configurations. Even when I run at 8 GB and 4 cores, logstash takes some time to load (approx. 10 min). As a last resort, can you increase the number of cores from 2 to 4? Let me know your progress.

    • @ishapathak8958
      @ishapathak8958 4 years ago

      @HackeXPlorer Hey, I tried reinstalling and setting up from scratch, keeping my RAM for the VM at 4 GB and 2 processors. It's actually working completely fine now and all the services are up. I wonder what could've been the issue before.
      Thanks a lot for all your help.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      Wow, nice to hear that, stay tuned for more experiments from this setup 👍

  • @MrAnik001
    @MrAnik001 4 years ago

    We wouldn't always be able to set up Security Onion in the same network or network segment. How would we monitor network devices of another network or VLAN (within the same company)? Is there any way to monitor devices via SNMP or NetFlow with Security Onion?

    • @HishanShouketh
      @HishanShouketh 4 years ago

      Hi Rahman, this video was intended for a small home test lab setup, but you can do all you require above from SO.
      In Security Onion production mode you can install a Security Onion instance in sensor-only mode, which will send information to the central Security Onion management server. You can place the sensors on a server cluster, DMZ or another install.
      securityonion.readthedocs.io/en/latest/post-installation.html
      Security Onion is running ELSA which can parse SNMP
      blog.securityonion.net/2019/12/security-onion-160463-now-available.html
      For net-flow
      www.reddit.com/r/securityonion/comments/an2tu4/netflow_ipflow_ipfix_support/

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hope you got your answer

  • @muruga403
    @muruga403 4 years ago

    thanks

  • @dummyaccount8483
    @dummyaccount8483 4 years ago

    Hello. Can you make another video like this for the new SO 2.3 version? Can't get it working man haha I tried several times.

    • @dummyaccount8483
      @dummyaccount8483 4 years ago

      It's weird, I surely followed everything on the website and the network adapter setup here in your video, but my host still couldn't pull up the SO web from the SO VM. Thanks in advance.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      @dummyaccount8483 Interesting, can you access the webpage within the SO VM?

    • @dummyaccount8483
      @dummyaccount8483 4 years ago

      @HackeXPlorer Got it working now man. I changed NAT to bridged. Thanks!

  • @Snu778
    @Snu778 4 years ago

    Please make a video on how to monitor and detect ransomware on a SIEM

  • @lorenzasodisen657
    @lorenzasodisen657 4 years ago

    I'm trying to install Security Onion in VMware but it requires me to have 100 GB storage as a minimum requirement. Is there any workaround for this? I just want to install it for studying purposes. Thanks

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Lorenz, for Security Onion 2.0 you need 100 GB at a minimum. Here I have used SO16 for demo purposes.

    • @hillfordh816
      @hillfordh816 4 years ago +1

      I've learned the hard way....obey all of the resource requirements of Security Onion! It might seem like it installs fine but certain things won't work and you'll waste too much time troubleshooting. You might benefit from buying an old server to dedicate to SO.