Security Onion for MDR services


Blason R

May 16, 2018, 7:15:57 AM5/16/18
to security-onion
Hi SO Team,

Since this is a huge security community, I am wondering if anyone has a use case for using SO as an MDR [Managed Detection and Response] tool? Or, if not, can it be used as one of the tools?

MDR, as Gartner says, needs to have full packet capture, which SO does.
Threat detection, which it does as well.
Known and unknown [well, known it does, unknown not].
SIEM and analysis with threat intelligence [can be possible].

I believe response services could be an issue, but then other commercial tools can be used for that purpose?

Please advise and feel free to share your thoughts on the same.

Thanks and Regards,
Blason R

Wes Lambert

May 17, 2018, 7:17:28 AM5/17/18
to securit...@googlegroups.com
Hi Blason,

Security Onion can definitely be used as a central component of such a strategy, integrating it with several other technologies/data sources to provide greater capability/coverage.

Thanks,
Wes




--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

Blason R

May 17, 2018, 1:17:42 PM5/17/18
to securit...@googlegroups.com
Thanks for the reply, but I am wondering if anyone has a working use case?


asing...@cybertend.com

May 17, 2018, 5:41:30 PM5/17/18
to security-onion
We are using SO for IDS (Suricata) and logging.
Added in OpenVAS for endpoints.

Both on top of VMware.

A good use case is providing MDR services that cover some essentials of compliance: IDS, syslog and patch management.

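The reply above describes the practical build (Suricata on Security Onion for IDS plus logging), and the opening post lists SIEM-style analysis with threat intelligence as an MDR requirement. As an added example, not code from this thread, from Security Onion or from Suricata, the script below shows the enrichment step an MDR pipeline would run over Security Onion's Suricata EVE JSON output: it parses EVE lines (skipping malformed ones), matches source/destination IPs and DNS query names against an IOC list, and assigns each event a triage priority. The IOC entries, the EVE lines, the signature names and the SIDs are all constructed for the example; the only assumption about Security Onion is that it writes standard Suricata EVE JSON (one object per line with `event_type`, `src_ip`, `dest_ip` and an `alert` or `dns` sub-object).

```python
"""Threat-intel enrichment of Suricata EVE JSON events (added example).

Not code from the thread or from Security Onion. Assumes the Suricata EVE
JSON format Security Onion writes; IOC list and EVE lines are constructed.
"""
import json
from typing import Dict, Iterable, List, Optional

# Constructed IOC list standing in for a threat-intel feed.
IOCS = {
    "ip": {"198.51.100.23": "sample TI entry: known C2 server"},
    "domain": {"bad.example.net": "sample TI entry: malware distribution domain"},
}

# Constructed Suricata EVE JSON lines (one event per line); SIDs are in the
# local-rule range and the signature names are invented for the example.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2018-05-17T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.23","dest_port":443,'
    '"alert":{"signature_id":1000001,"signature":"LOCAL Sample outbound TLS to rare host","severity":2}}',
    '{"timestamp":"2018-05-17T10:00:02.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.1","dest_port":53,'
    '"dns":{"type":"query","id":7,"rrname":"cdn.bad.example.net","rrtype":"A"}}',
    '{"timestamp":"2018-05-17T10:00:03.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.9","src_port":50000,"dest_ip":"203.0.113.10","dest_port":80}',
    '{"timestamp":"2018-05-17T10:00:04.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51300,"dest_ip":"192.0.2.44","dest_port":80,'
    '"alert":{"signature_id":1000002,"signature":"LOCAL Sample policy rule","severity":3}}',
    'this line is not JSON and must be skipped rather than crash the pipeline',
]


def parse_eve(lines: Iterable[str]) -> List[dict]:
    """Parse EVE lines, skipping blank or malformed ones instead of aborting."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            events.append(event)
    return events


def match_domain(name: str) -> Optional[str]:
    """Return the IOC description if name is an IOC domain or a subdomain of one."""
    name = name.rstrip(".").lower()
    for ioc, desc in IOCS["domain"].items():
        if name == ioc or name.endswith("." + ioc):
            return desc
    return None


def ti_hits(event: dict) -> List[Dict[str, str]]:
    """Collect IOC matches on the event's endpoint IPs and on its DNS query name."""
    hits = []
    for field in ("src_ip", "dest_ip"):
        value = event.get(field)
        if value in IOCS["ip"]:
            hits.append({"field": field, "indicator": value, "desc": IOCS["ip"][value]})
    rrname = (event.get("dns") or {}).get("rrname")
    if rrname:
        desc = match_domain(rrname)
        if desc:
            hits.append({"field": "dns.rrname", "indicator": rrname, "desc": desc})
    return hits


def enrich(events: Iterable[dict]) -> List[dict]:
    """Keep alerts and IOC-matching events and tag each with a triage priority.

    "high" for any IOC hit, "medium" for a Suricata alert of severity 1 or 2,
    "low" for other alerts; plain flow/dns records with no hit are dropped.
    """
    out = []
    for ev in events:
        hits = ti_hits(ev)
        alert = ev.get("alert")
        if not hits and not alert:
            continue
        if hits:
            priority = "high"
        elif alert.get("severity", 3) <= 2:
            priority = "medium"
        else:
            priority = "low"
        out.append({
            "timestamp": ev.get("timestamp"),
            "event_type": ev.get("event_type"),
            "src_ip": ev.get("src_ip"),
            "dest_ip": ev.get("dest_ip"),
            "signature": alert.get("signature") if alert else None,
            "priority": priority,
            "ti_hits": hits,
        })
    return out


def hosts_by_priority(enriched: Iterable[dict], priority: str = "high") -> Dict[str, int]:
    """Count triage items per source host at a given priority (who to look at first)."""
    counts: Dict[str, int] = {}
    for item in enriched:
        if item["priority"] == priority:
            counts[item["src_ip"]] = counts.get(item["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    triage = enrich(parse_eve(SAMPLE_EVE_LINES))
    for item in triage:
        print(item["priority"], item["src_ip"], "->", item["dest_ip"],
              item["signature"] or item["event_type"], [h["indicator"] for h in item["ti_hits"]])
    print("high-priority hosts:", hosts_by_priority(triage))
```

On a live Security Onion sensor the same logic would read the Suricata EVE log instead of `SAMPLE_EVE_LINES`; the point of the example is that the DNS query from 10.0.0.7 produces no Suricata alert at all, and only the threat-intel match surfaces it, which is the "SIEM and threat intelligence" layer the opening post asks about.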