SlideShare a Scribd company logo

Security Onion - Part 1

N
Nishanth Kumar Pathi

Security Onion is a Linux distribution designed for intrusion detection, network security monitoring, and log management, featuring tools like Snort, Suricata, Bro, SGUIL, and ELSA. It provides comprehensive capabilities for analyzing network traffic, detecting intrusions, and visualizing log data through a variety of interfaces. Key features include high-level semantic analysis, real-time event correlation, and customizable reporting.

Technology
1 of 18
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
n|u / OWASP / G4H / SecurityXploded meet Nishanth Kumar n|u bangalore chapter member 18 Jan 2014
What is Security Onion?  Security Onion is a Linux distro for  Intrusion detection,  Network security monitoring, and  log management 18 Jan 2014
Onion Layers • Ubuntu based OS • Snort , Suricata • Snorby • Bro • Sguil • Squert • ELSA • NetworkMiner • PADS ( Passive Attack Detection System ) • ………Many other tools . 18 Jan 2014
Now lets peel the onion layers & see what exactly each layer has …. 18 Jan 2014
Snort / Suricata  Snort is an open source network intrusion detection and prevention system (IDS/IPS)  Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine . 18 Jan 2014
Why to use only those IDS Engines  Highly Scalable  Protocol Identification  File Identification,  MD5 Checksums  File Extraction 18 Jan 2014
Snorby  Ruby on Rails Application for Network Security Monitoring ( Web frontend )  Metrics & Reports  Classifications  Full Packet  Custom Settings  Hotkeys 18 Jan 2014
Bro  Bro is a powerful network analysis framework that is much different from the typical IDS you may know.  high-level semantic analysis at the application layer.  site-specific monitoring policies.  comprehensively logs what it sees and provides a high-level archive of a network's activity. 18 Jan 2014
Features of BRO  All HTTP sessions with their requested URIs  key headers  MIME types, and server responses  DNS requests with replies  SSL certificates  key content of SMTP sessions  ………….and much more. 18 Jan 2014
Sguil  It is an analyst console for Security Monitoring  It’s a powerful and capable solution for  Event Analysis  Coreleation and  review Even ….  real-time events  session data  raw packet captures. 18 Jan 2014
Squert  A web interface to query and view Sguil event data and designed to supplement Sguil by providing addition context around the events .  Squert is a visual tool  additional context to events ……  metadata,  time series representations  weighted and logically grouped result sets 18 Jan 2014
18 Jan 2014
Enterprise-Log-Search-andArchive  Centralized syslog framework built on  Syslog-NG  MySQL  Sphinx full-text search. Allows for event searching and visualization of all the Log data security onion consumes , including    OSSEC Snort / Suricata BRO IDS Distributed log Archive System 18 Jan 2014
Features of ELSA • High-volume receiving/indexing • Full Active Directory/LDAP integration for • • • • authentication, authorization, email settings Dashboards using Google Visualizations Email alerting, scheduled reports. Plugin architecture for web interface Distributed architecture for clusters 18 Jan 2014
Network miner  Network Forensic Analysis Tool  passive network sniffer/packet capturing tool  operating systems  Sessions  Hostnames  open ports etc 18 Jan 2014
Sec Onion Support ……….  Alert data - HIDS alerts from OSSEC and NIDS      alerts from Snort/Suricata Asset data from Pads and Bro Full content data from netsniff-ng Host data via OSSEC and syslog-ng Session data from Argus, Pads, and Bro Transaction data - http/ftp/dns/ssl/other logs from Bro 18 Jan 2014
Refrences  http://blog.securityonion.net/  http://www.bro.org  http://www.snort.org/  http://www.google.com 18 Jan 2014
Its time for DEMO 18 Jan 2014

More Related Content

PDF
Security Onion - Introduction
n|u - The Open Security Community
 
PDF
Defensive information warfare on open platforms
Ben Tullis
 
PDF
Security Onion
n|u - The Open Security Community
 
PDF
Security Onion: Watching for Leeks
Kory Kyzar
 
PPTX
Security onion
Kaustubh Padwad
 
PPTX
Security Onion
johndegruyter
 
PPTX
Security Onion - Brief
Ashley Deuble
 
PPTX
Intro to NSM with Security Onion - AusCERT
Ashley Deuble
 
Security Onion - Introduction
n|u - The Open Security Community
 
Defensive information warfare on open platforms
Ben Tullis
 
Security Onion
n|u - The Open Security Community
 
Security Onion: Watching for Leeks
Kory Kyzar
 
Security onion
Kaustubh Padwad
 
Security Onion
johndegruyter
 
Security Onion - Brief
Ashley Deuble
 
Intro to NSM with Security Onion - AusCERT
Ashley Deuble
 

Similar to Security Onion - Part 1 (20)

PDF
Flow Monitoring Tools, What do we have, What do we need?
CSUC - Consorci de Serveis Universitaris de Catalunya
 
PPSX
Linux for Cybersecurity CYB110 - Unit 8.ppsx
BrenoMeister
 
PPTX
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
PPSX
Eagle eye presentation ver 2.0 slides
Manjunath M Gowda
 
PPSX
Eagle eye presentation ver 2.0 slides
Manjunath M Gowda
 
PPTX
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Georg Knon
 
PPTX
Enterprise Sec + User Bahavior Analytics
Splunk
 
PPTX
SplunkLive! Customer Presentation – athenahealth
Stephanie Bies
 
PPTX
SplunkLive! Customer Presentation – athenahealth
Stephanie Bies
 
PPTX
An introduction to the prpl foundation
Imagination Technologies
 
PDF
soctool.pdf
nitinscribd
 
PDF
Report on SNORT Intrusion Detection System.pdf
b2zvmjrgk7
 
PDF
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
Piyush Kumar
 
PPT
Capacity Planning Free Solution
luanrjesus
 
PDF
The IPv6 Snort Plugin (at DeepSec 2014)
Martin Schütte
 
PDF
What are the monitoring tools used in Linux Servers.pdf
arunnule1
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
PPTX
SplunkLive! Customer Presentation – athenahealth
Splunk
 
PPTX
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
PPTX
Ending the Tyranny of Expensive Security Tools
SolarWinds
 
Flow Monitoring Tools, What do we have, What do we need?
CSUC - Consorci de Serveis Universitaris de Catalunya
 
Linux for Cybersecurity CYB110 - Unit 8.ppsx
BrenoMeister
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
Eagle eye presentation ver 2.0 slides
Manjunath M Gowda
 
Eagle eye presentation ver 2.0 slides
Manjunath M Gowda
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Georg Knon
 
Enterprise Sec + User Bahavior Analytics
Splunk
 
SplunkLive! Customer Presentation – athenahealth
Stephanie Bies
 
SplunkLive! Customer Presentation – athenahealth
Stephanie Bies
 
An introduction to the prpl foundation
Imagination Technologies
 
soctool.pdf
nitinscribd
 
Report on SNORT Intrusion Detection System.pdf
b2zvmjrgk7
 
"In love with Open Source : Past, Present and Future" : Keynote OSDConf 2014
Piyush Kumar
 
Capacity Planning Free Solution
luanrjesus
 
The IPv6 Snort Plugin (at DeepSec 2014)
Martin Schütte
 
What are the monitoring tools used in Linux Servers.pdf
arunnule1
 
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
SplunkLive! Customer Presentation – athenahealth
Splunk
 
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
Ending the Tyranny of Expensive Security Tools
SolarWinds
 
Ad

Recently uploaded (20)

DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Cloud computing and distributed systems.
kkkkkhan
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Teaching material agriculture food technology
LiaRayya
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
KodekX | Application Modernization Development
KodekX
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Encapsulation theory and applications.pdf
gurumoop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Ad

Security Onion - Part 1

  • 1. n|u / OWASP / G4H / SecurityXploded meet Nishanth Kumar n|u bangalore chapter member 18 Jan 2014
  • 2. What is Security Onion?  Security Onion is a Linux distro for  Intrusion detection,  Network security monitoring, and  log management 18 Jan 2014
  • 3. Onion Layers • Ubuntu based OS • Snort , Suricata • Snorby • Bro • Sguil • Squert • ELSA • NetworkMiner • PADS ( Passive Attack Detection System ) • ………Many other tools . 18 Jan 2014
  • 4. Now lets peel the onion layers & see what exactly each layer has …. 18 Jan 2014
  • 5. Snort / Suricata  Snort is an open source network intrusion detection and prevention system (IDS/IPS)  Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine . 18 Jan 2014
  • 6. Why to use only those IDS Engines  Highly Scalable  Protocol Identification  File Identification,  MD5 Checksums  File Extraction 18 Jan 2014
  • 7. Snorby  Ruby on Rails Application for Network Security Monitoring ( Web frontend )  Metrics & Reports  Classifications  Full Packet  Custom Settings  Hotkeys 18 Jan 2014
  • 8. Bro  Bro is a powerful network analysis framework that is much different from the typical IDS you may know.  high-level semantic analysis at the application layer.  site-specific monitoring policies.  comprehensively logs what it sees and provides a high-level archive of a network's activity. 18 Jan 2014
  • 9. Features of BRO  All HTTP sessions with their requested URIs  key headers  MIME types, and server responses  DNS requests with replies  SSL certificates  key content of SMTP sessions  ………….and much more. 18 Jan 2014
  • 10. Sguil  It is an analyst console for Security Monitoring  It’s a powerful and capable solution for  Event Analysis  Coreleation and  review Even ….  real-time events  session data  raw packet captures. 18 Jan 2014
  • 11. Squert  A web interface to query and view Sguil event data and designed to supplement Sguil by providing addition context around the events .  Squert is a visual tool  additional context to events ……  metadata,  time series representations  weighted and logically grouped result sets 18 Jan 2014
  • 13. Enterprise-Log-Search-andArchive  Centralized syslog framework built on  Syslog-NG  MySQL  Sphinx full-text search. Allows for event searching and visualization of all the Log data security onion consumes , including    OSSEC Snort / Suricata BRO IDS Distributed log Archive System 18 Jan 2014
  • 14. Features of ELSA • High-volume receiving/indexing • Full Active Directory/LDAP integration for • • • • authentication, authorization, email settings Dashboards using Google Visualizations Email alerting, scheduled reports. Plugin architecture for web interface Distributed architecture for clusters 18 Jan 2014
  • 15. Network miner  Network Forensic Analysis Tool  passive network sniffer/packet capturing tool  operating systems  Sessions  Hostnames  open ports etc 18 Jan 2014
  • 16. Sec Onion Support ……….  Alert data - HIDS alerts from OSSEC and NIDS      alerts from Snort/Suricata Asset data from Pads and Bro Full content data from netsniff-ng Host data via OSSEC and syslog-ng Session data from Argus, Pads, and Bro Transaction data - http/ftp/dns/ssl/other logs from Bro 18 Jan 2014
  • 17. Refrences  http://blog.securityonion.net/  http://www.bro.org  http://www.snort.org/  http://www.google.com 18 Jan 2014