Version: 2.4.30
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Meets minimum requirements
CPU: 8
RAM: 16GB
Storage for /: 85GB
Storage for /nsm: 166GB
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues

Detail:
Hello everyone,
My team is deploying Security Onion IDH. We would like to turn on the "portscan" function. However, after enabling the function and doing the scans, we cannot see any alerts. We think there should be some configurations needed.
Thank you for your help!
Replies: 1 comment 3 replies
Hi,
On Security Onion, go to Configuration -> IDH -> Opencanary -> Config -> portscan_X_enabled -> True.
Then so-playbook-import, to import the opencanary playbooks to generate alerts, and activate them.
cheers.
Mav