Ross Heenan
Introduction to Security Onion
Heenan, Ross; Moradpoor, Naghmeh
Abstract
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS), including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis, including host, network, session, asset, alert and protocol data. Security Onion can be implemented as a standalone deployment with server and sensor included, or with a master server and multiple sensors, allowing the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data, such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events, which can then be exported for further analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management, such as Secure Shell (SSH) for management of the server and sensors and remote access through a web client. Together with the ability to replay and analyse example malicious traffic, this makes Security Onion a suitable low-cost alternative for Network Security Management. In this paper, we review the features and functionality of Security Onion in terms of: types of data, configuration, interfaces, tools and system management.
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (unpublished) |
| Conference Name | Post Graduate Cyber Security (PGCS) symposium |
| Start Date | May 10, 2016 |
| End Date | May 10, 2016 |
| Acceptance Date | Apr 10, 2016 |
| Publication Date | Jun 10, 2016 |
| Deposit Date | Feb 8, 2017 |
| Publicly Available Date | Feb 9, 2017 |
| Keywords | Security Onion; Intrusion Detection Systems (IDS); Host-based IDS (HIDS); Network-based IDS (NIDS); Network Forensic Analysis Tools (NFAT); Network Security Management (NSM) |
| Public URL | http://researchrepository.napier.ac.uk/Output/461935 |
| Publisher URL | http://thecyberacademy.org/wp-content/uploads/2016/05/PGCS-symposium_2016_paper_6.pdf |
| Related Public URLs | http://thecyberacademy.org/wp-content/uploads/2016/05/PGCS-symposium_2016_paper_6.pdf |
| Contract Date | Feb 8, 2017 |
Files
Introduction to security onion (PDF, 892 Kb)
Copyright Statement
© 2016 PGCS