Published on August 9th, 2016
Intrusion Detection System Tutorial: Setup Security Onion
In this video, I’ll show you how to set up Security Onion, an open-source intrusion detection system packaged into a Linux distro. SecOnion is perfect for getting an intrusion detection system up and running quickly, and has some cool additional features like HIDS, SIEM, rootkit detection, and file integrity monitoring.
For this to work, you will need a switch capable of SPAN/port-mirroring network traffic to a specific port. I will release a video with information about this process. For a small home network, I’d recommend the following: https://www.amazon.com/NETGEAR-ProSAFE-Gigabit-Managed-GS108E-300NAS/dp/B00M1C0186/ref=sr_1_sc_1?ie=UTF8&qid=1470783563&sr=8-1-spell&keywords=netgear+prosafe+plsu+8+port
I’m also going to upload a video about using SecOnion and Splunk to ingest and correlate the data/alerts your intrusion detection system will generate. SecOnion comes with ELSA, which you could use (along with Kibana) to display and visualize the data and create alerts.
Finally, I’ll upload a video detailing the install and integration of the Collective Intelligence Framework with your IDS/SIEM. Expect these videos within the next couple of weeks.
Links for this video:
Security Onion: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md