Security Onion for threat hunting, network security monitoring, and log management.

Reply to Security Onion for threat hunting, network security monitoring, and log management. on Thu, 23 Dec 2021 20:51:26 GMT

robi — Thu, 23 Dec 2021 20:51:26 GMT

@mastadamus good convo to have with the Sysbox folks.

Reply to Security Onion for threat hunting, network security monitoring, and log management. on Thu, 23 Dec 2021 15:11:34 GMT

Mastadamus — Thu, 23 Dec 2021 15:11:34 GMT

@robi yeah I should have said "can't be easily containerized"
Security onion relies on a span port/mirror traffic getting to its analysis engines and is a pretty complicated beast. If cloudron can containerized the whole thing awesome but this is no small task lol.

Reply to Security Onion for threat hunting, network security monitoring, and log management. on Thu, 23 Dec 2021 05:17:54 GMT

robi — Thu, 23 Dec 2021 05:17:54 GMT

@mastadamus This is possible because of a few innovations:

Sysbox by Nestybox, find the thread in this forum.
This allows for Docker-in-Docker nesting, even running VMs.
With affordable VPS providers like SSDnodes and Contabo, CPU and RAM are not an issue.
With multi-cloudron coming soon, it's going to be an ecosystem of hosts managed by a central Cloudron UI, so why not have a host dedicated to security or similar functions.

Reply to Security Onion for threat hunting, network security monitoring, and log management. on Thu, 23 Dec 2021 00:41:22 GMT

Mastadamus — Thu, 23 Dec 2021 00:41:22 GMT

@dark-shadow I run security onion on a separate machine. I don't think its applicable for cloudron. 1. it can't be containerized. its a stack of docker containers controlled by SALT. 2. It requires immense CPU/RAM/HD. For a small network you are looking at 4 cores min and at least 20gb ram. Additionally, You don't really want to put your security tools on the same subnet as your internet facing stuff.