Any integration with other system (e.g. MISP)


Ken Ma

Apr 30, 2018, 6:06:49 AM
to security-onion
Hi All,

I am new to Security Onion. As far as I know, SO has an OTX plugin for threat intel. May I know whether SO has any integration with MISP?

Also, does SO have asset management and vulnerability scan features?

Thanks a lot.

Regards,
Ken

Wes Lambert

Apr 30, 2018, 9:21:23 PM
to securit...@googlegroups.com
Hi Ken,


What type of integration are you looking for?

I've put something together to pull MISP NIDS rules into Security Onion, here:

https://github.com/Security-Onion-Solutions/security-onion/wiki/MISP

I've also got a sample Elastalert rule and Python script(s) here to push event info into MISP (leverages PyMISP), TheHive, and GRR (still a WIP, and these are really meant to be examples, but feedback would be great):

https://github.com/weslambert/e2

Also, I've got some samples for creating an observable/case from Sguil to MISP, TheHive, and FIR (also still a WIP, GRR to be added soon, as well as more options for case creation, error-checking, etc.):

https://github.com/weslambert/sguil-pivots

As far as asset management and vulnerability scans, SO does not provide these. If you are looking for these, you could try Snipe-IT, and OpenVAS or Nessus, maybe combined with VulnWhisperer (https://github.com/austin-taylor/VulnWhisperer).

Thanks,
Wes
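The push in the other direction, from a Security Onion alert into MISP, as an added example that is not Wes's e2 code and does not use PyMISP: it builds the MISP REST `POST /events` payload from an Elastalert match dict with plain urllib. The match field names and the sample values are assumptions constructed for the example.

```python
"""Added example: Security Onion NIDS alert (Elastalert match) -> MISP event.
Field names in SAMPLE_MATCH and the MISP endpoint shape are assumptions."""
import ipaddress
import json
import urllib.request

# Constructed sample Elastalert match; all values are made up for the example.
SAMPLE_MATCH = {
    "alert": "ET MALWARE Example C2 Checkin",
    "sid": 2000001,
    "source_ip": "10.0.0.5",       # internal host, must not become an IDS rule
    "destination_ip": "1.2.3.4",   # constructed "public" value
    "destination_port": 8443,
    "@timestamp": "2018-04-30T06:06:49Z",
}


def _is_public(ip):
    """True only for routable addresses; private/reserved ranges return False."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def build_misp_event(match, distribution=0, threat_level_id=2, analysis=0):
    """Build the {"Event": {...}} dict MISP's REST API accepts on POST /events.
    Only public IPs get to_ids=True, so that pulling MISP NIDS rules back into
    SO never generates rules for your own internal address space."""
    attrs = []
    for field, mtype in (("source_ip", "ip-src"), ("destination_ip", "ip-dst")):
        value = match.get(field)
        if value:
            attrs.append({"type": mtype, "category": "Network activity",
                          "value": value, "to_ids": _is_public(value),
                          "comment": "from Security Onion alert"})
    if match.get("sid") is not None:
        attrs.append({"type": "text", "category": "External analysis",
                      "value": "sid:%s" % match["sid"], "to_ids": False})
    return {"Event": {"info": "SO alert: %s" % match.get("alert", "unknown"),
                      "date": match.get("@timestamp", "")[:10],
                      "distribution": distribution,
                      "threat_level_id": threat_level_id,
                      "analysis": analysis, "Attribute": attrs}}


def push_event(misp_url, api_key, event):
    """POST the event to MISP (network call; the API key is the Authorization header)."""
    req = urllib.request.Request(
        misp_url.rstrip("/") + "/events", data=json.dumps(event).encode(),
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```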




Georgi

Oct 24, 2018, 6:14:22 AM
to security-onion

Hi Wes,

It seems that there are minor changes.

Installation guide:
Step - Run the script:

Setup-misp has been changed to so-misp-setup (it might be good to update it in the SO wiki :)
Another thing is that when I execute it (sudo so-misp-setup) I get the error "command not found".
Any suggestions would be appreciated.

BR,
Georgi



Georgi

Oct 24, 2018, 6:14:29 AM
to security-onion
Please ignore my previous message.
I managed to find it.

I was able to execute it with the following:

sudo ./so-misp-setup

(apologies, I am not a proficient Linux user)



Wes Lambert

Oct 24, 2018, 7:56:01 AM
to securit...@googlegroups.com
Hi Georgi,

Thanks for the feedback!  I've updated the Wiki to match the updated naming convention for the setup script.

Thanks,
Wes

Francois Lachance

Oct 24, 2018, 12:47:21 PM
to security-onion
Wes,

I think you are missing the word "support" in your Warning section.

https://github.com/Security-Onion-Solutions/security-onion/wiki/MISP

Francois

Wes Lambert

Oct 24, 2018, 12:48:49 PM
to securit...@googlegroups.com
Thanks, Francois! It has been fixed. :)

Thanks,
Wes