Replies: 1 comment 2 replies
-
|
The first question we should ask is: is there some reason you don't want to use Suricata which is already built into Security Onion? It's fully managed and integrated: |
Beta Was this translation helpful? Give feedback.
-
|
Snort is what is used by the organization. Just looking at new ways to visualize and manage the logs. |
Beta Was this translation helpful? Give feedback.
-
|
If you're rolling your own Snort sensors, you might want to try our Security Onion sensors as they give you the same kind of NIDS alerts that you expect from Snort but also protocol metadata, full packet capture, and the ability to pivot between these different data types. If you have some kind of hard requirement for Snort, Elastic does have an integration for Snort logs but we don't support it yet. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.20
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Eval
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
4
RAM
64
Storage for /
500GB
Storage for /nsm
500GB
Network Traffic Collection
tap
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I am looking for the easiest way to get my snorts logs into Security Onion 2.4.10. The logs are in json format.
I am hoping there is an easy way to move the Snort logs into a specific directory and have them be read and available to look at in the Dashboards.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions