Hi all, apologies in advance: I'm 20+ years Windows, so not too hot on Linux. I'm really trying to follow the manuals etc. I am considering looking at whether I can buy 1-2 hours of support time for this. I've followed the videos and read the manuals. I'm looking to tune it to filter out some alerts and set up email alerting for the high category. Specific question: I want to set up email alerts when a high severity alert comes in. Following this https://docs.securityonion.net/en/2.3/email.html#email, do I set up ElastAlert or Wazuh? Then following https://docs.securityonion.net/en/2.3/elastalert.html#email---internal
Depends on your goal. Wazuh is primarily for endpoint logs. ElastAlert can be used for either endpoint logs or network traffic. Also take a look at Playbook:

Here's our BPF video:
From https://docs.securityonion.net/en/2.3/tuning.html:
To get the best performance out of Security Onion, you’ll want to tune it for your environment. Start by creating Berkeley Packet Filters (BPFs) to ignore any traffic that you don’t want your network sensors to process. Then tune your IDS rulesets. There may be entire categories of rules that you want to disable first and then look at the remaining enabled rules to see if there are individual rules that can be disabled.
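The quoted tuning advice (disable whole categories first, then individual rules) and the original question (fire email only for high severity) both come down to the same triage: which signatures are noise, and which are priority-1. The script below is an added example, not Security Onion's own code or anything from its docs. It reads Suricata EVE JSON alert records (Security Onion's NIDS alerts start life in this format; in 2.3 they are indexed into Elasticsearch, so in practice you would export them from there rather than read eve.json directly), summarises volume by category and SID, lists the severity-1 alerts an email rule should match on, and prints SIDs that are candidates for your disable-sid list. The log lines are constructed sample data, and the hit and severity thresholds are assumptions you should set for your own environment.

```python
"""Added example: IDS tuning triage over Suricata EVE JSON alerts.

Not Security Onion's code. Constructed sample data; thresholds are assumptions.
Suricata severity: 1 is the highest priority, larger numbers are lower priority.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample eve.json lines (Suricata alert schema), not real traffic.
SAMPLE_EVE_LINES = (
    ['{"timestamp":"2021-03-01T10:00:01.000000+0000","event_type":"alert",'
     '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2210030,'
     '"rev":2,"signature":"SURICATA STREAM Packet with invalid ack",'
     '"category":"Generic Protocol Command Decode","severity":3}}'] * 4
    + ['{"timestamp":"2021-03-01T10:00:02.000000+0000","event_type":"alert",'
       '"src_ip":"10.0.0.7","dest_ip":"203.0.113.10","alert":{"signature_id":2013028,'
       '"rev":6,"signature":"ET POLICY curl User-Agent Outbound",'
       '"category":"Attempted Information Leak","severity":2}}'] * 2
    + ['{"timestamp":"2021-03-01T10:00:03.000000+0000","event_type":"alert",'
       '"src_ip":"203.0.113.10","dest_ip":"10.0.0.7","alert":{"signature_id":2100498,'
       '"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root",'
       '"category":"Potentially Bad Traffic","severity":1}}']
    # A non-alert event type and a corrupt line: both must be ignored, not crash the run.
    + ['{"timestamp":"2021-03-01T10:00:04.000000+0000","event_type":"flow",'
       '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}']
    + ['this line is not JSON and must be skipped']
)


def parse_alerts(lines: Iterable[str]) -> List[Dict]:
    """Return only event_type == "alert" records; skip other events and unparsable lines."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # truncated or corrupt record; tuning should tolerate it
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            alerts.append(rec)
    return alerts


def count_by_category(alerts: List[Dict]) -> Counter:
    """Alert volume per rule category: the first thing to look at when disabling rules wholesale."""
    return Counter(a["alert"].get("category", "unknown") for a in alerts)


def count_by_sid(alerts: List[Dict]) -> Counter:
    """Alert volume per (signature_id, signature): the second, finer-grained pass."""
    return Counter((a["alert"]["signature_id"], a["alert"]["signature"]) for a in alerts)


def high_severity(alerts: List[Dict], max_severity: int = 1) -> List[Dict]:
    """Alerts at priority max_severity or higher; with the default 1 these are the 'high' alerts."""
    return [a for a in alerts if a["alert"].get("severity", 4) <= max_severity]


def disable_candidates(alerts: List[Dict], min_hits: int = 3, min_severity: int = 2) -> List[int]:
    """SIDs that fired at least min_hits times and never at a priority higher than min_severity.

    A SID that ever fires at severity 1 is deliberately never proposed for disabling.
    """
    hits: Counter = Counter()
    best_sev: Dict[int, int] = {}
    for a in alerts:
        sid = a["alert"]["signature_id"]
        hits[sid] += 1
        best_sev[sid] = min(a["alert"].get("severity", 4), best_sev.get(sid, 4))
    return sorted(sid for sid, n in hits.items() if n >= min_hits and best_sev[sid] >= min_severity)


def report(lines: Iterable[str]) -> str:
    """Human-readable summary of the three tuning questions above."""
    alerts = parse_alerts(lines)
    out = ["Alerts by category:"]
    out += [f"  {n:5d}  {cat}" for cat, n in count_by_category(alerts).most_common()]
    out.append("Alerts by signature:")
    out += [f"  {n:5d}  {sid}  {sig}" for (sid, sig), n in count_by_sid(alerts).most_common()]
    out.append("High severity (email these):")
    out += [f"  {a['alert']['signature_id']}  {a['alert']['signature']}" for a in high_severity(alerts)]
    out.append("Disable-sid candidates: " + ", ".join(str(s) for s in disable_candidates(alerts)))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_EVE_LINES))
```

Run it against a real export instead of SAMPLE_EVE_LINES to get a ranked list; the category table drives the first "disable whole categories" pass, the SID table the second pass, and the severity filter is the condition an email-alerting rule should express. Raise min_hits for a busy sensor so that only genuinely noisy signatures are proposed.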