Alerts via syslogs #14303

InfoSecUniversity · 2025-02-27T14:35:41Z

InfoSecUniversity
Feb 27, 2025

I have security onion setup where I have my firewall syslogs coming to it. Do I have to do anything special for the alerts to trigger? I just find it odd nothing has alerted yet, considering where a university. Epically, since students visit some questionable sites sometimes. Any insights or help is much appreciated.

InfosecGoon · 2025-02-28T14:31:15Z

InfosecGoon
Feb 28, 2025

If you want alerts to trigger from the contents of your firewall logs, you'll need to write or enable Sigma rules in Detections to spot the items that should trigger an alert.

Most of the default alerting rules are in Suricata, which assumes that you're monitoring live network traffic, not simply ingesting logs.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Alerts via syslogs #14303

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Alerts via syslogs #14303

Uh oh!

InfoSecUniversity Feb 27, 2025

Replies: 1 comment

Uh oh!

Uh oh!

InfosecGoon Feb 28, 2025

InfoSecUniversity
Feb 27, 2025

InfosecGoon
Feb 28, 2025