Replies: 1 comment
-
|
We use Playbook for detections https://docs.securityonion.net/en/2.4/playbook.html |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.10
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Standalone
Location
other (please provide detail below)
Hardware Specs
Exceeds minimum requirements
CPU
4
RAM
24
Storage for /
34
Storage for /nsm
64
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello,
I recently downloaded Security Onion with the intention of using it as a Security Information and Event Management (SIEM) solution. So far, all the tools are functioning well, and Suricata is generating valid alerts.
I have configured my Fortinet FortiGate firewall to forward syslog to Security Onion, and the logs are being received successfully. However, when I check the ELK (Elasticsearch, Logstash, Kibana) stack in Security Onion, I notice that there are no pre-built rules for correlating events.
I am wondering if there is a way to import or create correlation rules in Security Onion for syslog events, similar to what is commonly done in other SIEM solutions. As of now, the ELK stack in Security Onion seems to be empty in terms of pre-configured rules.
If importing the pre-built rules within Security Onion is not supported, I am curious if there is an integrated external tool or method that can be used for syslog correlation.
My primary objective is to enhance the syslog correlation capabilities in Security Onion.
Thank you!
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions