Tuesday 26 November 2013

::: Analyze Network Traffic using "Security Onion" :::

Security Onion is a Linux distribution that bundles Intrusion Detection System (IDS), Network Security Monitoring (NSM) and log management tools.

It is free and open source, developed by Doug Burks.

It includes
1) Sguil: Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts.

2) Snorby: Snorby is a new and modern Snort IDS front-end.

3) Squert: Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

4) ELSA: Enterprise Log Search and Archive (ELSA) is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs as well as email-based alerts, scheduled queries, and graphing.
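The front-ends above (Sguil, Snorby, Squert) all sit on top of the IDS alerts Security Onion collects. As an added example, not code from the original post or from the Security Onion project, the script below parses Snort/Suricata "fast" alert lines and summarises them by signature and priority; the alert lines and SIDs in it are constructed samples, not real captures or real rule IDs.

```python
"""Parse Snort/Suricata fast-alert lines and summarise them by signature and
priority. Added example: the sample alerts below are constructed, and the
SIDs (9000001..9000003) are placeholders, not real rule identifiers."""
import re
from collections import Counter

# Constructed sample alerts in fast-alert format (one deliberately malformed).
SAMPLE_ALERTS = """\
11/26-10:15:32.123456  [**] [1:9000001:1] SAMPLE SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:22
11/26-10:15:33.001122  [**] [1:9000001:1] SAMPLE SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:80
11/26-10:16:01.555555  [**] [1:9000002:3] SAMPLE POLICY cleartext password [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.20:51000 -> 203.0.113.7:21
11/26-10:16:05.000001  [**] [1:9000003:2] SAMPLE ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
this line is not an alert and must be skipped
"""

# One regex for the whole line; ports are optional because ICMP alerts
# carry bare addresses, and Classification is optional in Snort output.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alert(line):
    """Return a dict of the alert's fields, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    return rec

def summarise(text):
    """Count alerts per (sid, msg) and per priority; count skipped lines."""
    by_sig, by_prio, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            skipped += 1
            continue
        by_sig[(rec["sid"], rec["msg"])] += 1
        by_prio[rec["prio"]] += 1
    return by_sig, by_prio, skipped

if __name__ == "__main__":
    sigs, prios, skipped = summarise(SAMPLE_ALERTS)
    for (sid, msg), n in sigs.most_common():
        print(f"{n:3d}  sid={sid}  {msg}")
    print("by priority:", dict(sorted(prios.items())), "skipped:", skipped)
```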

Check Security Onion tutorial link

1 comment:

  1. Thanks for all this, I see you work hard on giving us actual relevant information.
    Malware and How You Can Prevent It