AWS example: providing TLS decrypted traffic into Security Onion #12633
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
-
We've recently released an example onto github showing how you can decrypt TLS traffic on AWS using the Gateway LoadBalancer and a Mira ETO EC2 to decrypt and feed the plaintext into Security Onion.
This allows for the decryption of outbound TLS traffic to external internet websites, e.g. when a EC2s downloads packages from the internet or when client browsers are routed through AWS either via a VPN EC2 or EC2 proxy. Decryption is transparent and can occur on any TCP port.
Inbound connections to your own website may also be decrypted by re-using their public issued server certificates (e.g. Let's encrypt).
The decrypted plaintext feed can be transmitted over a tunnel into a security onion EC2 to provide visibility into the payloads and detect threats.
Example is located at: https://github.com/mirasecurity/aws/tree/master/1az-security-eto-security-onion
Beta Was this translation helpful? Give feedback.
All reactions