Whitelisting IPs in OSSEC

Posted on Mon 22 May 2017 in howto • Tagged with securityonion, ossec

Another tool in the arsenal of Security Onion is OSSEC, a "scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS)." OSSEC examines log and alert events and correlates them against pre-built (or custom) rules and sends alerts as configured. When installed on the Security Onion server, OSSEC alerts are logged …

Continue reading

Security Onion: Validating EXE/DLL Download Alerts

Posted on Wed 17 May 2017 in howto • Tagged with securityonion

As I've mentioned before, Security Onion is a fantastic network security-focused Linux distribution which can monitor your network and/or hosts for malicious activity.

The Onion can run Snort or Suricata as a network IDS, and it can also run bro alongside those traditional IDS engines to add another layer …

Continue reading

Bulk Update Security Onion Alerts

Posted on Mon 15 May 2017 in howto • Tagged with securityonion

Security Onion is a fantastic Open Source IDS distribution created by Doug Burks and Security Onion Solutions. Per their own about page:

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert …

Continue reading

Keep Calm and ...

Posted on Wed 16 March 2016 in general • Tagged with securityonion, incidenthandling

Just a reminder to keep calm even when it feels like every system around you is crashing down to the ground.

Keep a level head and calmly review the log data available, only ruling an event out when the evidence backs it up.

If you don’t have the necessary …

Continue reading