Network Security Monitoring with Security Onion
In this lab we use a Security Onion virtual machine as our network security monitoring (NSM) tool.
Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro (now Zeek), Wazuh, Sguil, Squert, NetworkMiner, and many other security tools. This scenario focuses on Sguil.
Sguil (pronounced "sgweel") provides a graphical user interface that gives the analyst access to real-time IDS alerts, session data, and raw packet captures, so that an alert can be pivoted to the full session or packet capture that triggered it.
Objectives of the Lab
- Analyze various network traffic using Security Onion Sguil.
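The triage an analyst performs in Sguil's event view (collapse repeated hits of one signature, note first/last seen and the hosts involved, then decide which alerts to pivot on) can be expressed in a few lines of code. The following is an added example, not part of the lab or of Security Onion itself: it parses alerts in the Snort/Suricata "fast" alert format, the same alerts Sguil displays, and groups them the way Sguil's CNT column does. The sample lines, the `LOCAL ...` rule names and the SIDs in the local range (9000001 onward) are constructed for this example; the `/nsm/sensor_data/<sensor>/snort-1/alert` path mentioned in the comment is the usual location on a classic Security Onion sensor but is an assumption here.

```python
"""Triage Snort/Suricata "fast" alerts the way an analyst groups them in Sguil.

Added example; the alert lines below are constructed, not captured from a sensor.
On a classic Security Onion sensor the equivalent file is typically
/nsm/sensor_data/<sensor>/snort-1/alert (assumed path).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: an external host scans three ports on 192.168.1.10,
# the scanned host then answers an "id" check with root (a server-side hit),
# followed by a low-priority ICMP alert and one junk line that is not an alert.
SAMPLE_ALERTS = """\
03/15-14:22:01.123456  [**] [1:9000001:1] LOCAL SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:41234 -> 192.168.1.10:22
03/15-14:22:01.223456  [**] [1:9000001:1] LOCAL SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:41235 -> 192.168.1.10:80
03/15-14:22:01.323456  [**] [1:9000001:1] LOCAL SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:41236 -> 192.168.1.10:443
03/15-14:23:10.000001  [**] [1:9000002:1] LOCAL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 203.0.113.7:51000
03/15-14:23:30.500000  [**] [1:9000003:2] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.10
this line is not an alert and must be skipped
"""

# One "fast" alert: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, and src -> dst with ports only for TCP/UDP.
ALERT_RE = re.compile(r"""
    ^(?P<ts>\S+)\s+\[\*\*\]\s+
    \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<msg>.+?)\s+\[\*\*\]\s+
    (?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?
    \[Priority:\s*(?P<prio>\d+)\]\s+
    \{(?P<proto>\w+)\}\s+
    (?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+
    (?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$
""", re.VERBOSE)


@dataclass(frozen=True)
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alerts(text):
    """Parse every well-formed fast-format line; silently skip anything else."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        alerts.append(Alert(
            ts=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
            msg=g["msg"], classification=g["cls"] or "", priority=int(g["prio"]),
            proto=g["proto"],
            src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
            dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
        ))
    return alerts


def summarize(alerts):
    """Collapse alerts into one row per (gid, sid), like Sguil's CNT column."""
    rows = {}
    for a in alerts:
        row = rows.setdefault((a.gid, a.sid), {
            "msg": a.msg, "priority": a.priority, "count": 0,
            "first": a.ts, "last": a.ts, "sources": set(), "targets": set(),
        })
        row["count"] += 1
        row["last"] = a.ts  # file order is time order
        row["sources"].add(a.src)
        row["targets"].add(f"{a.dst}:{a.dport}" if a.dport is not None else a.dst)
    return rows


def escalation_candidates(alerts, max_priority=1):
    """Alerts worth pivoting on first: high priority, or a host that was only
    ever a target and now starts generating alerts itself (scan followed by a
    server response is the classic sign of a successful attack)."""
    seen_as_source, seen_as_target = set(), set()
    picked = []
    for a in alerts:
        victim_turned_source = a.src in seen_as_target and a.src not in seen_as_source
        if a.priority <= max_priority or victim_turned_source:
            picked.append(a)
        seen_as_source.add(a.src)
        seen_as_target.add(a.dst)
    return picked


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for (gid, sid), row in summarize(parsed).items():
        print(f"{row['count']:>4}  [{gid}:{sid}] P{row['priority']}  {row['msg']}  "
              f"{row['first']} .. {row['last']}  targets={sorted(row['targets'])}")
    print("pivot first on:", [f"{a.sid} {a.msg}" for a in escalation_candidates(parsed)])
```

In the constructed sample the three SYN-probe alerts collapse into one row with a count of 3, and the only alert selected for escalation is the `id check returned root` response, picked not because of its priority but because the scanned host has become a source. In Sguil that is the point at which you would right-click the event and open the transcript or the full packet capture for that session.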
NOTE: Check the RULES tab for the rules of engagement of this scenario.
- Time: 180 minutes
- Cost: 10000 crystals