Not sure where to best ask these types of questions; they are not directly related to the development of SO. I am more looking to see what folks out there use in conjunction with SecurityOnion, or might have tried to integrate with SecurityOnion/NSM (if they want to talk about it, of course). I have been going down many rabbit holes on things, and I know there are more add-ons/tweaks that can be done on SecurityOnion; I just don't know what I don't know. I was reading up on Maltrail, which looks interesting. Could this be accomplished with zeek/suricata or somehow in SO? And still, another was OpenCTI,
Replies: 1 comment
I'll focus my responses to features that are already built into Security Onion just to make sure you are aware of them.
Zeek can consume intel via its intel framework:
https://docs.securityonion.net/en/2.3/zeek.html#intel
You can do some file analysis using Strelka:
https://docs.securityonion.net/en/2.3/strelka.html
Depending on what exactly you're trying to do, Cases may be able to provide some of this functionality:
https://docs.securityonion.net/en/2.3/…