Version: 2.4.50
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Meets minimum requirements
CPU: 6
RAM: 16gig
Storage for /: 200g
Storage for /nsm: default partition
Network Traffic Collection: span port
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail: I'm reasonably new to Security Onion but trying to test NIDS rules per documentation (https://docs.securityonion.net/en/2.4/managing-alerts.html). I used the procedures listed in NIDS Testing on my Security Onion VM, the host it's running on and other macOS hosts. I don't get any alerts from it. Otherwise, I am getting at least 1 valid alert from my network (Rule 2027397).
Replies: 1 comment 1 reply
Are you ingesting the traffic from your test machine that is running the
curl testmynids.org/uid/index.html
command? These are the two alerts I got from running the above command in PowerShell. That machine's traffic goes through a network tap and is ingested by my Security Onion box.
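The reply's question is the right first check: before blaming the rules, confirm the sensor actually saw the test host's request. The following added example (not code from the thread or from the Security Onion project) triages Suricata EVE JSON to separate three cases for a given test host: the sensor never saw its request to testmynids.org, it saw the request but no rule fired on that flow, or an alert fired on that flow. The EVE records, IP addresses and the alert signature text are constructed sample data; the path to your own eve.json and the exact rule that fires in your ruleset are assumptions to verify locally.

```python
"""Triage Suricata EVE JSON for a NIDS test host (added example, not from the
thread or the Security Onion project). Sample events below are constructed."""
import json

# Constructed EVE records (not captured from a real sensor):
#  - 10.0.0.10 requested testmynids.org and the response triggered an alert
#  - 10.0.0.20 requested testmynids.org but only an unrelated alert exists
#  - 10.0.0.30 appears nowhere, i.e. the sensor never saw its traffic
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"http","src_ip":"10.0.0.10","dest_ip":"203.0.113.5","http":{"hostname":"testmynids.org","url":"/uid/index.html"}}
{"timestamp":"2024-01-01T10:00:00.100000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.10","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-01-01T10:05:00.000000+0000","event_type":"http","src_ip":"10.0.0.20","dest_ip":"203.0.113.5","http":{"hostname":"testmynids.org","url":"/uid/index.html"}}
{"timestamp":"2024-01-01T10:06:00.000000+0000","event_type":"alert","src_ip":"10.0.0.20","dest_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"constructed unrelated rule"}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A partially written last line is common on a live file; skip it.
            continue
    return events


def triage_test_host(events, host_ip, test_hostname="testmynids.org"):
    """Classify what the sensor saw for host_ip's request to test_hostname.

    Returns {"status": <"no_traffic"|"traffic_no_alert"|"alert">, "alerts": [...]}.
    Alerts are only counted when they sit on the same client/server pair as the
    observed test request, so unrelated alerts from the host do not mask a
    missing detection.
    """
    # Step 1: which servers answered this host's request to the test hostname?
    server_ips = set()
    for ev in events:
        if (ev.get("event_type") == "http"
                and ev.get("src_ip") == host_ip
                and ev.get("http", {}).get("hostname") == test_hostname):
            server_ips.add(ev.get("dest_ip"))
    if not server_ips:
        return {"status": "no_traffic", "alerts": []}

    # Step 2: alerts on that client/server pair, in either direction (the test
    # rule typically fires on the server's response, so src/dest are swapped).
    hits = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        pair = {ev.get("src_ip"), ev.get("dest_ip")}
        if host_ip in pair and pair & server_ips:
            hits.append(ev.get("alert", {}).get("signature"))
    if hits:
        return {"status": "alert", "alerts": hits}
    return {"status": "traffic_no_alert", "alerts": []}


if __name__ == "__main__":
    # Replace SAMPLE_EVE with open("/path/to/eve.json").read() on a real sensor
    # (assumed path; adjust to your deployment).
    evs = parse_eve(SAMPLE_EVE)
    for host in ("10.0.0.10", "10.0.0.20", "10.0.0.30"):
        print(host, triage_test_host(evs, host))
```

A "no_traffic" result for the test host means the span port or tap is not delivering that host's packets and the rules cannot be at fault yet; "traffic_no_alert" points at the ruleset or rule tuning instead; "alert" confirms the end-to-end path works.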