Asset discovery and inventory


Sabbo

Dec 19, 2015, 10:21:52 AM
to security-onion
AlienVault does a great job at asset discovery and inventory. With PRADS on SO, do we have this capability, and how do we gather and use this data?

S

Wes

Dec 21, 2015, 8:26:23 AM
to security-onion
Sabbo,

Asset data can be alerted upon and tracked in Sguil/Squert, and can be used to track asset types in your network.

If you like, you can then pivot to full packet capture from Sguil or pivot to ELSA from Squert. PRADS also affords you the ability to perform session tracking, through the use of sancp.

If you don't absolutely need the asset data from PRADS, session information can be provided by Bro's conn.log and is searchable via ELSA (faster, distributed architecture versus single database on the master server used by PRADS).

I personally do not use PRADS, but have heard that if you are monitoring a low bandwidth network, usage of PRADS should be fine, but I think most individuals monitoring larger amounts of traffic prefer to use Bro data via ELSA.

Thanks,
Wes
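To show what "asset inventory from Bro conn.log instead of PRADS" looks like in practice, here is an added example (not from the thread, Security Onion or Bro): a small parser that reads Bro's tab-separated conn.log, keeps only connections whose conn_state shows the responder actually answered, and builds a per-host table of the services it was seen serving. The sample log is constructed with a trimmed field set; the header-driven parser works the same on a full conn.log.

```python
from collections import defaultdict

# Constructed sample in Bro's conn.log TSV layout (trimmed to the fields used here).
SAMPLE_CONN_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tenum
1450000000.1\tC1\t10.0.0.5\t51000\t10.0.0.10\t22\ttcp\tssh\tSF
1450000001.2\tC2\t10.0.0.5\t51001\t10.0.0.10\t80\ttcp\thttp\tSF
1450000002.3\tC3\t10.0.0.6\t51002\t10.0.0.10\t80\ttcp\thttp\tS1
1450000003.4\tC4\t10.0.0.7\t51003\t10.0.0.10\t3389\ttcp\t-\tS0
1450000004.5\tC5\t10.0.0.5\t53\t10.0.0.1\t53\tudp\tdns\tSF
1450000005.6\tC6\t10.0.0.8\t51004\t10.0.0.10\t22\ttcp\tssh\tREJ
"""

# conn_state values in which the responder replied. S0 (no reply) and REJ
# (rejected) are scan noise, not evidence that a service is listening.
RESPONDED = {"SF", "S1", "S2", "S3", "RSTO", "RSTR"}


def parse_conn_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header/metadata lines and blanks
        else:
            if fields is None:
                raise ValueError("record seen before #fields header")
            yield dict(zip(fields, line.split("\t")))


def build_inventory(text):
    """Map responder host -> {(port, proto, service): connection count}."""
    inv = defaultdict(lambda: defaultdict(int))
    for rec in parse_conn_log(text):
        if rec["conn_state"] not in RESPONDED:
            continue
        key = (rec["id.resp_p"], rec["proto"], rec["service"])
        inv[rec["id.resp_h"]][key] += 1
    return {host: dict(services) for host, services in inv.items()}


if __name__ == "__main__":
    for host, services in sorted(build_inventory(SAMPLE_CONN_LOG).items()):
        for (port, proto, svc), n in sorted(services.items()):
            print(f"{host}\t{port}/{proto}\t{svc}\t{n} conns")
```

Running this on the sample shows 10.0.0.10 serving ssh and http and 10.0.0.1 serving dns, while the unanswered 3389 attempt and the rejected ssh attempt are left out of the inventory.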
