Data Aggregation tool in Security Onion

BelleCrosse

Nov 29, 2016, 1:11:48 AM11/29/16
to security-onion
Good Morning mates,
How is it going? I hope great.

I'm in need of some clarification after deploying a master server and 2 sensors.

So my question is: I'm wondering if there is another tool in Security Onion that does data aggregation?

Thanks in advance for your time.

Frank. D

Wes

Nov 29, 2016, 7:02:05 AM11/29/16
to security-onion

You can have a look here at all the tools included with Security Onion:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Tools

The three main interfaces are Squert, Sguil, and ELSA. Each of these interfaces allows you to pivot to PCAP (CapME) for more context.

You can read more about each of them here:

https://github.com/Security-Onion-Solutions/security-onion/wiki/Squert
https://github.com/Security-Onion-Solutions/security-onion/wiki/Sguil
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA
https://github.com/Security-Onion-Solutions/security-onion/wiki/CapMe

Squert and Sguil are the primary "alerting" interfaces/consoles, while ELSA acts more as a centralized logging framework, containing more data types than Squert/Sguil.

Syslog can be forwarded to ELSA from OSSEC HIDS and from any other network devices you may have. Also, alerts you find in Squert/Sguil can be found in ELSA, with, again, the same capability of pivoting to PCAP.

Hope this helps to clarify.

Thanks,
Wes
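
As an added example that is not part of Wes's reply or of the Security Onion project: forwarding a Linux host's syslog to ELSA, as described above, comes down to an rsyslog rule that points at the master, where ELSA's syslog-ng listener receives on port 514 (confirm the port on your own master). The master address 192.0.2.10, the drop-in path under /etc/rsyslog.d, the `service rsyslog restart` call, and the note that the client must first be permitted on the master with `so-allow` are assumptions for illustration, not facts stated in the thread. The script writes nothing unless invoked with `install`, so the rule-building functions can be checked on their own.

```shell
#!/bin/sh
# Added example (not from the thread or the Security Onion project): forward a Linux
# host's syslog to ELSA on the Security Onion master, which receives syslog on port 514.
# Assumptions: rsyslog on the client, the master reachable at SO_MASTER, and the client
# already permitted on the master as a syslog device (so-allow). All values hypothetical.

SO_MASTER="${SO_MASTER:-192.0.2.10}"                    # assumed master address (RFC 5737 range)
CONF="${CONF:-/etc/rsyslog.d/60-securityonion.conf}"   # assumed drop-in path

# Print one rsyslog forwarding rule for every facility/severity.
# rsyslog syntax: a single "@" forwards over UDP, a double "@@" over TCP.
rsyslog_forward_rule() {
    proto="$1"
    host="$2"
    case "$proto" in
        udp) printf '*.* @%s:514\n' "$host" ;;
        tcp) printf '*.* @@%s:514\n' "$host" ;;
        *)   printf 'unsupported protocol: %s\n' "$proto" >&2; return 1 ;;
    esac
}

# Sanity check before the rule is written: it must name the expected host and port,
# so a typo in SO_MASTER does not silently ship logs somewhere else.
rule_targets_master() {
    rule="$1"
    host="$2"
    case "$rule" in
        "*.* @${host}:514"|"*.* @@${host}:514") return 0 ;;
        *) return 1 ;;
    esac
}

# Write the rule, restart rsyslog, and emit a tagged message so the analyst can confirm
# the pipeline end to end by searching ELSA for program=so-forward-test.
install_forwarding() {
    proto="${1:-udp}"
    rule="$(rsyslog_forward_rule "$proto" "$SO_MASTER")" || return 1
    rule_targets_master "$rule" "$SO_MASTER" || return 1
    printf '%s\n' "$rule" > "$CONF"
    service rsyslog restart
    logger -t so-forward-test "syslog forwarding test from $(hostname) via $proto"
}

# Only touch the system when explicitly asked: sh forward.sh install [udp|tcp]
if [ "${1:-}" = "install" ]; then
    install_forwarding "${2:-udp}"
fi
```

UDP is the common choice for network gear that cannot speak anything else; for hosts that can, TCP at least tells you when the master is unreachable instead of dropping messages silently. After the restart, a search for the so-forward-test tag in ELSA is the quickest way to prove the master is both allowing and indexing the new source.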

Franck DANVIDE

Nov 29, 2016, 7:42:42 AM11/29/16
to securit...@googlegroups.com
Thank you so much for the prompt reply Wes. It's greatly appreciated.

Good Day mate!

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

Wes Lambert

Nov 29, 2016, 7:45:42 AM11/29/16
to securit...@googlegroups.com

No problem, and to clarify one of my statements above, Sguil does not pivot to CapMe, but has several pivoting mechanisms available, such as pivoting to NetworkMiner, Wireshark, Bro, etc.

Thanks,
Wes
