Re: system monitoring/security - possibly off topic


On Wed, Apr 22, 2020 at 10:45 AM bruce <badouglas@xxxxxxxxx> wrote:
>
> Hey Mauricio,
>
> researching Security Onion, never heard of "zeek"
You might have heard of it under its old name, bro.
https://securityonion.readthedocs.io/en/latest/zeek.html

> > > zeek? Security Onion?
>
>
> I'm putting together a list of tools that would run on the "client" server, but I'm trying to wrap my head around how all of the resulting data would be aggregated, and displayed by a master dashboard app. I've seen OpenVAS and a few other apps that appear to offer the ability to import security data, and to display it.
>
> Any thoughts on this?
>
Security Onion is but a bunch of tools whose output is then
aggregated and spewed into an elastic stack-based interface. From
there you can make pretty graphs (hello, Kibana), create alerts, and
then send email alerts. You can run it off a VM if you want or a
physical box; memory (think 10GB+) and disk space are what it likes.

Which tools to run on the servers you want to monitor? Go to the url I
gave and see what each tool does. You should also be able to ask your
network appliances what's up and then feed that to the onionbox;
monitoring everything in your servers will make them very unhappy,
your network unhappy, and the storage used to store its data unhappy.
Start small.

If you have ever used Splunk, it is the same thing but without the price.
Both excel at helping you ask questions of the collected data about
what happened (sometimes WTF is going on, if the event is still taking
place).

Other programs are AIDE or tripwire (they do the same); do check
exactly what they do before mindlessly deploying or you will have a
lot of people pissed at you.

> thanks
>
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
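The reply mentions AIDE and tripwire and tells the reader to check exactly what they do before deploying them. Both are file-integrity checkers: they record a baseline of hashes and metadata for a file tree and later report what was added, removed or modified. The following is an added illustration of that idea, written for this page; it is not code from AIDE, tripwire or Security Onion. The directory layout and file contents are constructed for the demo, and the `sha256`/`mode`/`size` fields are this example's own choice of what to record.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Illustration of the AIDE/tripwire idea: build a baseline of every regular
# file under a tree, store it, and later diff a fresh snapshot against it.
# Everything below is constructed for the example.


def snapshot(root):
    """Return {relative_posix_path: {"sha256", "mode", "size"}} for every
    regular file under root. Symlinks and special files are skipped here."""
    entries = {}
    root_path = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in sorted(filenames):
            p = Path(dirpath) / name
            st = p.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = p.relative_to(root_path).as_posix()
            entries[rel] = {
                "sha256": h.hexdigest(),
                "mode": oct(stat.S_IMODE(st.st_mode)),  # permission bits only
                "size": st.st_size,
            }
    return entries


def save_baseline(entries, path):
    """Write the baseline as JSON; a real deployment keeps this read-only
    or off-host so a compromised box cannot rewrite its own baseline."""
    with open(path, "w") as fh:
        json.dump(entries, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Diff two snapshots. Any change in hash, mode or size counts as
    modified, which is why package upgrades light up reports like this."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(
            p for p in base_keys & cur_keys if baseline[p] != current[p]
        ),
    }


def demo():
    """Build a constructed 'etc' tree, baseline it, change it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp) / "etc"
        tree.mkdir()
        (tree / "hosts").write_text("127.0.0.1 localhost\n")
        (tree / "ssh_config").write_text("Port 22\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(tree), baseline_file)

        # Simulated drift: one file edited, one removed, one new file added.
        (tree / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 backup\n")
        (tree / "ssh_config").unlink()
        (tree / "cron.d").mkdir()
        (tree / "cron.d" / "nightly").write_text("0 2 * * * root /usr/bin/true\n")

        return compare(load_baseline(baseline_file), snapshot(tree))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` reports `hosts` as modified, `ssh_config` as removed and `cron.d/nightly` as added. The two caveats the reply hints at are visible here: the report is only as trustworthy as the stored baseline, and a naive rule set flags every legitimate package update, so the real tools let you exclude volatile paths and choose which attributes to track.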