IDH Standalone #7591
-
|
With the new IDH node, according to the documentation it looks like it can be added to a standalone deployment. Are there specific instructions with how to do this? I am assuming I would select "distributed" during the setup process in order to get to the IDH option? (even though I am standalone). Also, I am assuming there would be issues with running certain honeypot services within a standalone deployment? For example, security onion itself listens on 22/tcp for legitimate ssh connections. If you ran the IDH with a ssh honeypot, that is going to be problematic. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 5 replies
-
|
Once you have your standalone node in place, build a new node on a separate machine, select I've updated https://docs.securityonion.net/en/2.3/idh.html#installation to hopefully make this more clear:
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks Doug. That makes sense. Out of curiosity, if the IDH had the added capability of a separate "Honeypot" interface that could be bound to an unused physical nic, could the IDH role/node be added to an existing standalone deployment without the need for another physical/virtual machine to be deployed? |
Beta Was this translation helpful? Give feedback.
-
|
Can we deploy it on a small VM, like 20Go HDD? |
Beta Was this translation helpful? Give feedback.
-
|
We need at minimum 100Go... @dougburks this is sad when you have so many little space use for the IDH deployement :(... |
Beta Was this translation helpful? Give feedback.
-
@craigsmooth IDH nodes are dedicated to just being IDH nodes and cannot run any other services. |
Beta Was this translation helpful? Give feedback.
-
|
Per the IDH documentation, an IDH node moves the real SSH service to port 2222 and only allows logins from the Manager node. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I am a beginner. I would like to ask if I can use docker if I want to install IDH? And where can I download the image file of IDH? |
Beta Was this translation helpful? Give feedback.
Once you have your standalone node in place, build a new node on a separate machine, select
distributed, and choose to join the new node to the existing standalone node.I've updated https://docs.securityonion.net/en/2.3/idh.html#installation to hopefully make this more clear: