open source HIPS/HIDS solution that can send logs to Security Onion?


Anoop Perayil

Feb 11, 2016, 7:38:56 AM2/11/16
to security-onion
Hi All, I am trying to find an open source HIPS/HIDS solution for AWS cloud that can send logs to SO. Has anyone tried anything like this?

Doug Burks

Feb 11, 2016, 7:48:41 AM2/11/16
to securit...@googlegroups.com
Hi Anoop,

Have you considered OSSEC? You can install OSSEC agents on your AWS
instances and have them send logs to the OSSEC server on your Security
Onion box.

https://github.com/Security-Onion-Solutions/security-onion/wiki/OSSEC

On Thu, Feb 11, 2016 at 7:37 AM, Anoop Perayil <urdud...@gmail.com> wrote:
> Hi All, I am trying to find an open source HIPS/HIDS solution for AWS cloud that can send logs to SO. Has anyone tried anything like this?



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Anoop Perayil

Feb 11, 2016, 9:21:45 AM2/11/16
to security-onion

Hi Dough,

Thanks for the quick response. I have been thinking about OSSEC but have the following doubts:
What will be the resource overhead on the AWS server instances?
Can we run Security Onion on a dedicated AWS instance with only HIPS/HIDS monitoring?
Finally, I am planning to send info from Security Onion to another centralized SIEM.

Regards,
Anoop

Doug Burks

Feb 11, 2016, 9:55:13 AM2/11/16
to securit...@googlegroups.com
Replies inline.

On Thu, Feb 11, 2016 at 9:21 AM, Anoop Perayil <urdud...@gmail.com> wrote:
> Hi Dough,
>
> Thanks for the quick response. I have been thinking about OSSEC but have the following doubts:
> What will be the resource overhead on the AWS server instances?

The OSSEC agent is very lightweight.

> Can we run Security Onion on a dedicated AWS instance with only HIPS/HIDS monitoring?

Yes, when you run Setup, choose Production Mode and then Master-only.
That will disable all network sniffing.

> Finally, I am planning to send info from Security Onion to another centralized SIEM.

Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/ThirdPartyIntegration
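An added example for the last two points in this exchange (it is not code from the thread, from Security Onion or from OSSEC): the OSSEC server on a master-only Security Onion box writes every agent alert to /var/ossec/logs/alerts/alerts.log, and each entry names the agent and its IP, so the same file shows you what the AWS agents are reporting and is the raw material for forwarding to an outside SIEM. The script below parses that alerts.log layout and renders each alert as a CEF line. The alert text is a constructed sample; the host names, IPs, rule numbers and checksums are illustrative only, and the CEF field mapping is my choice, not one OSSEC defines.

```python
"""Parse OSSEC alerts.log and emit one CEF line per alert for a SIEM.

Added example for this thread; it is not code from Security Onion or OSSEC.
The alert text below is a constructed sample in the real alerts.log layout;
the host names, IPs, rule numbers and checksums are illustrative only, and
the CEF field mapping is the author's choice, not an OSSEC-defined one.
"""
import re

# Constructed sample. Alert 1 arrived from an agent (the "(aws-web01)
# 10.0.1.5->/var/log/auth.log" form); alert 2 was raised by the OSSEC
# server's own syscheck, so it carries "host->location" with no agent.
SAMPLE_ALERTS = """\
** Alert 1455190736.12345: - syslog,sshd,authentication_failed,
2016 Feb 11 07:38:56 (aws-web01) 10.0.1.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.7
User: root
Feb 11 07:38:55 ip-10-0-1-5 sshd[1234]: Failed password for root from 203.0.113.7 port 51822 ssh2

** Alert 1455190800.12400: mail  - ossec,syscheck,
2016 Feb 11 07:40:00 securityonion->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Old md5sum was: 'd41d8cd98f00b204e9800998ecf8427e'
New md5sum is : '9e107d9d372bb6826bd81d3542a419d6'
"""

HEADER = re.compile(
    r"^\*\* Alert (?P<ts>\d+)\.(?P<id>\d+):(?P<mail>\s+mail)?\s+-\s+(?P<groups>\S*)$")
LOCATION = re.compile(
    r"^(?P<date>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->|(?P<host>\S+)->)?(?P<location>.*)$")
RULE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
SRC_IP = re.compile(r"^Src IP: (\S+)$")
USER = re.compile(r"^User: (\S+)$")


def parse_alerts(text):
    """Return a list of dicts, one per '** Alert' block in alerts.log text."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue  # not an alert block; skip rather than guess
        alert = {
            "ts": int(m.group("ts")), "id": m.group("id"),
            "groups": [g for g in m.group("groups").split(",") if g],
            "date": None, "agent": None, "agent_ip": None, "host": None,
            "location": None, "rule": None, "level": None, "desc": None,
            "src_ip": None, "user": None, "log": [],
        }
        for line in lines[1:]:
            if alert["location"] is None and (m := LOCATION.match(line)):
                alert.update(m.groupdict())
            elif m := RULE.match(line):
                alert["rule"] = int(m.group("rule"))
                alert["level"] = int(m.group("level"))
                alert["desc"] = m.group("desc")
            elif m := SRC_IP.match(line):
                alert["src_ip"] = m.group(1)
            elif m := USER.match(line):
                alert["user"] = m.group(1)
            else:
                alert["log"].append(line)  # the raw event(s) that fired the rule
        alerts.append(alert)
    return alerts


def _esc_header(value):
    # CEF header fields escape backslash and the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values escape backslash, '=' and newlines.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def to_cef(alert):
    """Render one parsed alert as a CEF:0 line (SIEM-neutral common format)."""
    # OSSEC levels run 0-15, CEF severity 0-10: scale proportionally.
    severity = min(10, round(alert["level"] * 10 / 15))
    header = "|".join(_esc_header(v) for v in (
        "CEF:0", "OSSEC", "OSSEC HIDS", "2.8",
        alert["rule"], alert["desc"], severity))
    ext = [
        ("rt", alert["ts"] * 1000),                  # receipt time, ms epoch
        ("cat", ",".join(alert["groups"])),          # OSSEC rule groups
        ("dvchost", alert["agent"] or alert["host"]),  # reporting agent/host
        ("dvc", alert["agent_ip"]),
        ("src", alert["src_ip"]),
        ("suser", alert["user"]),
        ("cn1Label", "ossecLevel"), ("cn1", alert["level"]),
        ("cs1Label", "location"), ("cs1", alert["location"]),
        ("msg", "\n".join(alert["log"])),
    ]
    return header + "|" + " ".join(
        f"{k}={_esc_ext(v)}" for k, v in ext if v not in (None, ""))


if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_ALERTS):
        print(to_cef(a))
```

OSSEC can do this forwarding itself: a `<syslog_output>` block in the server's ossec.conf (with `<format>cef</format>` for CEF) plus `/var/ossec/bin/ossec-control enable client-syslog` streams alerts to a SIEM as they occur. A script like the one above is for the cases that does not cover, such as a custom field mapping the SIEM expects or replaying historical alerts.log files after the SIEM integration was set up.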

Anoop Perayil

Feb 12, 2016, 6:03:45 AM2/12/16
to security-onion

Hi Dough,

Let me go through it; I'll keep you posted on how it goes.

Regards,
Anoop

Anoop Perayil

Feb 17, 2016, 4:00:20 AM2/17/16
to security-onion
Hi Dough,

Thanks to your tutorials, I set up SO with only OSSEC, but now I have realized that I need more than just log analysis: I will have to see connections established at the host level and maybe pcap traffic from the host as well. Is there any host agent that can do that at the host level? AWS has a lot of restrictions on sniffing network traffic.

Thanks in advance,
Anoop

Doug Burks

Feb 17, 2016, 6:24:02 AM2/17/16
to securit...@googlegroups.com
On Wed, Feb 17, 2016 at 4:00 AM, Anoop Perayil <urdud...@gmail.com> wrote:
>> Hi Dough,

Please note it's "Doug" not "Dough" :)

> Thanks to your tutorials, I set up SO with only OSSEC, but now I have realized that I need more than just log analysis: I will have to see connections established at the host level and maybe pcap traffic from the host as well. Is there any host agent that can do that at the host level? AWS has a lot of restrictions on sniffing network traffic.

https://github.com/Security-Onion-Solutions/security-onion/wiki/CloudClient


--
Doug Burks

Anoop Perayil

Feb 17, 2016, 12:10:07 PM2/17/16
to security-onion

Hi Doug,

I am terribly sorry about that; I would blame it on auto-correct.
Thanks for the wiki. At first glance it seems to be a bit complicated; I will get back to you once I have had a go at it.

Regards,
Anoop
