Jul 19, 2017
Been having a blast working with the beta branch of the Sweet Security project and it anxious to try the latest fixes of the beta branch. Give it a look!
I also spent a lot of time the last few nights playing with Security Onion and love it. After zipping through the install wizard and hitting reboot a few times you're pretty much good to go. A few recommendations I'd make after those initial reboots though:
Run the soup
command to update Security Onion with
all the latest packages
Use ufw
to adjust the internal firewall to allow
management from ports other than SSH (which is already
preconfigured)
On a side note, I think you might have to have your vnic in VMWare set to promiscuous mode in order to allow proper network sniffing.
Do a wget http://testmyids.com
to ensure Security
Onion alerts are coming in the squil dashboard security alerts are
pouring in.
Also, check out this article for some handy tips on threat hunting with Bro.
Next up on my "test this out list" is to setup DNS tunneling to a Digital Ocean droplet I setup, and see if the onion picks up on that, or if I can at least get warned somehow about a high amount of DNS traffic.