Airgap Standalone 2.4 Alerts Not Populating #11272
I have attempted to generate alerts by performing incorrect logins to the server, as well as running zenmap scans on the network that is being monitored with no alerts...
Please review the Troubleshooting Alerts section of the documentation and see if that helps:
Version
2.4.10
Installation Method
Security Onion ISO image
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
11th Gen Intel Core i7 @ 2.80 GHz
RAM
32GB
Storage for /
1TB
Storage for /nsm
1TB
Network Traffic Collection
~100MB
span port
Network Traffic Speeds
~100MB
Status
All services on all nodes are running OK after running so-status on the standalone
Salt Status
OK
Logs
No, there are no failures
No, there are no additional clues
Detail
Installed 2.4 in Airgap Standalone mode and am not receiving any alerts. I have performed a TCPdump and verified that traffic is coming from the SPAN port and have verified that the traffic is being received from the pre-built connection dashboard. My configuration is an Intel NUC with an external USB NIC for management traffic with the onboard NIC being set up for monitoring. I didn't receive any errors during installation or setup. Is there somewhere else to verify that the Suricata instance is running properly, or could there be another issue?