Replies: 1 comment
-
|
Hi, I would like to correct my case description: there are no salt failures. Everything is reported to be fine. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.70
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
8
RAM
16GB
Storage for /
80
Storage for /nsm
80
Network Traffic Collection
span port
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
Hi Security Onion Team.
I tried to enable Port Scanning Rule for my IDH but to no avail. I am wondering if this function is supported.
There is no log generated (except only for SSH, which will be flagged by SSH rule) in Security Onion IDH's opencanary.log.
I tested the rule using nmap scan: "nmap [IDH-IP]".
I also see that there is no Detection Rule for IDH Port Scanning in the Security Onion Manager's Detections Tab.
The rules for detecting SSH login and HTTP request are working as expected.
I have read other related discussions but none provided a working solution: #12180 #11875
Thank you for your support.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions