security onion + openedr #3182
-
Hi. Technically, is there any way to add OpenEDR to Security Onion? Thanks.
Replies: 2 comments
-
Also, could we consider Security Onion as an XDR solution?
-
We typically don't call Security Onion an XDR solution, but a solution for ESM, or Enterprise Security Monitoring. With regard to OpenEDR, I have not tried it. It appears that it only supports installation for Windows endpoints. If speaking to EDR and a more response-oriented tool, you may have a look at Velociraptor, which supports Linux, macOS, and Windows endpoints. While it is not officially supported, you can check out the integration project here: https://github.com/weslambert/securityonion-velociraptor. Otherwise we have other endpoint-focused tools like Wazuh, Elastic Beats, and Osquery that already natively integrate with Security Onion.