Ross Heenan
Introduction to Security Onion
Heenan, Ross; Moradpoor, Naghmeh
Abstract
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management.
Citation
Heenan, R., & Moradpoor, N. (2016, May). Introduction to Security Onion. Paper presented at Post Graduate Cyber Security (PGCS) symposium
| Presentation Conference Type | Conference Paper (unpublished) |
|---|---|
| Conference Name | Post Graduate Cyber Security (PGCS) symposium |
| Start Date | May 10, 2016 |
| End Date | May 10, 2016 |
| Acceptance Date | Apr 10, 2016 |
| Publication Date | Jun 10, 2016 |
| Deposit Date | Feb 8, 2017 |
| Publicly Available Date | Feb 9, 2017 |
| Keywords | Security Onion, Intrusion Detection Systems; (IDS), Host-based IDS (HIDS), Netwrok-based IDS; (NIDS), Network Forensic Analysis Tools (NFAT),; Network Security Management (NSM) |
| Public URL | http://researchrepository.napier.ac.uk/Output/461935 |
| Publisher URL | http://thecyberacademy.org/wp-content/uploads/2016/05/PGCS-symposium_2016_paper_6.pdf |
| Related Public URLs | http://thecyberacademy.org/wp-content/uploads/2016/05/PGCS-symposium_2016_paper_6.pdf |
| Contract Date | Feb 8, 2017 |
Files
Introduction to security onion
(892 Kb)
PDF
Copyright Statement
© 2016 PGCS
You might also like
Machine Learning for Smart Healthcare Management Using IoT
(2024)
Book Chapter
A Hybrid Deep Learning-based Intrusion Detection System for IoT Networks
(2023)
Journal Article
Building Towards Automated Cyberbullying Detection: A Comparative Analysis
(2022)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search