Setting up Security Onion at home
First off, what exactly is Security Onion and why do I care about this? From their website, it is described as: “Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!”
Sounds awesome, right? And the best part of all of this is that it’s free!
There are a couple of different ways (that I know of) to set this up: use a spare computer that you don’t mind dedicating to becoming your Security Onion, or use a system dedicated to being an ESXi server. Luckily for you, I’ve done both!
This article is very informative, but I have some questions, as I only have a modem and an access point in my home and it’s not capable of configuring a SPAN/mirror port.
How do I place this switch?
What would I need to configure on that switch?
And let’s say, if something goes wrong with the switch, will I continue getting internet through the access point?
If you can answer these questions, it will be a great help.