No Alerts - latest version #9958

techstartupexplorer · 2023-03-20T11:09:21Z

techstartupexplorer
Mar 20, 2023

hello,
I freshly installed the latest version of security onion and everything is running well no errors however, in the alert section upon testing like nmap scan etc... it doesn't capture any attack's. when i run tcpdump -nni bond0 -v it doesn't capture any packets but when i run tcpdump -I eth0 it captures all packets.

I am using the default ETOPEN IDS Ruleset. any suggestion why it's not working?

bond0: flags=5379<UP,BROADCAST,PROMISC,MASTER,MULTICAST> mtu 1500
ether 9a:6b:c6:07:7f:cc txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

techstartupexplorer · 2023-03-20T15:28:05Z

techstartupexplorer
Mar 20, 2023
Author

salt * so.status

nids_standalone:

Checking Docker status

    Docker ---------------------------- [ OK ]

Checking container statuses

    so-aptcacherng -------------------- [ OK ]
    so-curator ------------------------ [ OK ]
    so-dockerregistry ----------------- [ OK ]
    so-elastalert --------------------- [ OK ]
    so-elasticsearch ------------------ [ OK ]
    so-filebeat ----------------------- [ OK ]
    so-fleet -------------------------- [ OK ]
    so-grafana ------------------------ [ OK ]
    so-idstools ----------------------- [ OK ]
    so-influxdb ----------------------- [ OK ]
    so-kibana ------------------------- [ OK ]
    so-kratos ------------------------- [ OK ]
    so-logstash ----------------------- [ OK ]
    so-mysql -------------------------- [ OK ]
    so-nginx -------------------------- [ OK ]
    so-playbook ----------------------- [ OK ]
    so-redis -------------------------- [ OK ]
    so-sensoroni ---------------------- [ OK ]
    so-soc ---------------------------- [ OK ]
    so-soctopus ----------------------- [ OK ]
    so-steno -------------------------- [ OK ]
    so-strelka-backend ---------------- [ OK ]
    so-strelka-coordinator ------------ [ OK ]
    so-strelka-filestream ------------- [ OK ]
    so-strelka-frontend --------------- [ OK ]
    so-strelka-gatekeeper ------------- [ OK ]
    so-strelka-manager ---------------- [ OK ]
    so-suricata ----------------------- [ OK ]
    so-telegraf ----------------------- [ OK ]
    so-wazuh -------------------------- [ OK ]
    so-zeek --------------------------- [ OK ]

1 reply

techstartupexplorer Mar 24, 2023
Author

up

robbiemarshall · 2023-03-21T12:22:55Z

robbiemarshall
Mar 21, 2023

What is your output for ifconfig -a ?

0 replies

techstartupexplorer · 2023-03-24T10:41:10Z

techstartupexplorer
Mar 24, 2023
Author

docker0
bond0
enp0s3 in PROMISC Mode

but vm interfaces are not in promisc.

2 replies

robbiemarshall Mar 24, 2023

Did you install Security Onion on a VM? What interface did you select as your monitor port when you installed Security Onion?

techstartupexplorer Mar 24, 2023
Author

yes in VM. i selected enp0s3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

No Alerts - latest version #9958

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

No Alerts - latest version #9958

Uh oh!

techstartupexplorer Mar 20, 2023

Replies: 3 comments · 3 replies

Uh oh!

techstartupexplorer Mar 20, 2023 Author

salt * so.status

Uh oh!

techstartupexplorer Mar 24, 2023 Author

Uh oh!

robbiemarshall Mar 21, 2023

Uh oh!

techstartupexplorer Mar 24, 2023 Author

Uh oh!

robbiemarshall Mar 24, 2023

Uh oh!

techstartupexplorer Mar 24, 2023 Author

techstartupexplorer
Mar 20, 2023

Replies: 3 comments 3 replies

techstartupexplorer
Mar 20, 2023
Author

techstartupexplorer Mar 24, 2023
Author

robbiemarshall
Mar 21, 2023

techstartupexplorer
Mar 24, 2023
Author

techstartupexplorer Mar 24, 2023
Author