    Security Onion for threat hunting, network security monitoring, and log management.

    App Wishlist
    • D
      Dark Shadow last edited by

      Security Onion is a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others.

      https://github.com/Security-Onion-Solutions/securityonion/blob/master/VERIFY_ISO.md

      • M
        Mastadamus @Dark Shadow last edited by

        @dark-shadow I run Security Onion on a separate machine. I don't think it's applicable for Cloudron. 1. It can't be containerized. It's a stack of Docker containers controlled by SALT. 2. It requires immense CPU/RAM/HD. For a small network you are looking at 4 cores min and at least 20 GB RAM. Additionally, you don't really want to put your security tools on the same subnet as your internet-facing stuff.

        • robi
          robi @Mastadamus last edited by

          @mastadamus This is possible because of a few innovations:

          1. Sysbox by Nestybox, find the thread in this forum.
          2. This allows for Docker-in-Docker nesting, even running VMs.
          3. With affordable VPS providers like SSDnodes and Contabo, CPU and RAM are not an issue.
          4. With multi-cloudron coming soon, it's going to be an ecosystem of hosts managed by a central Cloudron UI, so why not have a host dedicated to security or similar functions?

          Life of Advanced Technology

          • M
            Mastadamus @robi last edited by

            @robi yeah, I should have said "can't be easily containerized".
            Security Onion relies on span port/mirror traffic getting to its analysis engines and is a pretty complicated beast. If Cloudron can containerize the whole thing, awesome, but this is no small task lol.

            • robi
              robi @Mastadamus last edited by

              @mastadamus good convo to have with the Sysbox folks.

              Life of Advanced Technology
