Security Onion for threat hunting, network security monitoring, and log management.
Security Onion is a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others.
@dark-shadow I run Security Onion on a separate machine. I don't think it's applicable for Cloudron. 1. It can't be containerized; it's a stack of Docker containers controlled by Salt. 2. It requires immense CPU/RAM/HD. For a small network you are looking at 4 cores min and at least 20 GB RAM. Additionally, you don't really want to put your security tools on the same subnet as your internet-facing stuff.
@mastadamus This is possible because of a few innovations:
- Sysbox by Nestybox, find the thread in this forum.
- This allows for Docker-in-Docker nesting, even running VMs.
- With affordable VPS providers like SSDnodes and Contabo, CPU and RAM are not an issue.
- With multi-cloudron coming soon, it's going to be an ecosystem of hosts managed by a central Cloudron UI, so why not have a host dedicated to security or similar functions.
@robi yeah I should have said "can't be easily containerized"
Security Onion relies on a SPAN port/mirror traffic getting to its analysis engines and is a pretty complicated beast. If Cloudron can containerize the whole thing, awesome, but this is no small task lol.
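Whatever host ends up running the sensor, the point raised above (the analysis engines only see what the SPAN/mirror feed delivers) means the first thing to verify is that the monitoring interface is actually receiving packets and not dropping them under load. The following is an added example written for this thread, not code from Security Onion or Cloudron: it diffs two `/proc/net/dev` snapshots for a monitoring interface and reports `no-traffic`, `dropping` or `ok`. The interface name `eth1`, the thresholds and the snapshot text are constructed for illustration.

```python
"""Check that a sensor's SPAN/mirror interface is receiving traffic.

Added example (not from Security Onion or Cloudron). It parses the
Linux /proc/net/dev counter format and compares two snapshots taken
some seconds apart. Interface names, thresholds and the sample
snapshots below are constructed for illustration.
"""

import time
from typing import Dict, NamedTuple


class IfStats(NamedTuple):
    rx_packets: int
    rx_drops: int


def parse_proc_net_dev(text: str) -> Dict[str, IfStats]:
    """Parse /proc/net/dev into per-interface RX packet and drop counters.

    Data rows look like:
      iface: rx_bytes rx_packets rx_errs rx_drop rx_fifo rx_frame rx_compressed rx_multicast tx_...
    The two header rows contain no ':' and are skipped.
    """
    stats: Dict[str, IfStats] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        fields = rest.split()
        if len(fields) < 4:
            continue
        stats[name.strip()] = IfStats(rx_packets=int(fields[1]), rx_drops=int(fields[3]))
    return stats


def check_mirror(before: Dict[str, IfStats], after: Dict[str, IfStats], iface: str,
                 interval_s: float, min_pps: float = 1.0,
                 max_drop_ratio: float = 0.01) -> str:
    """Classify the mirror feed on `iface` between two snapshots.

    Returns one of:
      "missing"    - the interface is not present in a snapshot
      "no-traffic" - fewer than `min_pps` packets/s arrived (mirror not wired up)
      "dropping"   - more than `max_drop_ratio` of packets were dropped (sensor overloaded)
      "ok"         - traffic arriving and drops within tolerance
    """
    if iface not in before or iface not in after:
        return "missing"
    b, a = before[iface], after[iface]
    pkts = a.rx_packets - b.rx_packets
    drops = a.rx_drops - b.rx_drops
    if pkts <= 0 or pkts / interval_s < min_pps:
        return "no-traffic"
    if drops > 0 and drops / pkts > max_drop_ratio:
        return "dropping"
    return "ok"


def live_check(iface: str, interval_s: float = 10.0) -> str:
    """Take two real snapshots on a Linux host (not used by the samples below)."""
    with open("/proc/net/dev") as f:
        before = parse_proc_net_dev(f.read())
    time.sleep(interval_s)
    with open("/proc/net/dev") as f:
        after = parse_proc_net_dev(f.read())
    return check_mirror(before, after, iface, interval_s)


# Constructed snapshots: eth0 is the management NIC, eth1 the monitoring NIC.
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed\n"
)
SNAP_BEFORE = HEADER + (
    "    lo:  100000     1000    0    0    0     0          0         0   100000     1000    0    0    0     0       0          0\n"
    "  eth0: 5000000    40000    0    0    0     0          0         0  2000000    30000    0    0    0     0       0          0\n"
    "  eth1:       0        0    0    0    0     0          0         0        0        0    0    0    0     0       0          0\n"
)
# Ten seconds later, mirror never configured: eth1 still silent.
SNAP_NO_MIRROR = HEADER + (
    "    lo:  101000     1010    0    0    0     0          0         0   101000     1010    0    0    0     0       0          0\n"
    "  eth0: 5100000    40800    0    0    0     0          0         0  2050000    30600    0    0    0     0       0          0\n"
    "  eth1:       0        0    0    0    0     0          0         0        0        0    0    0    0     0       0          0\n"
)
# Ten seconds later, mirror active but the sensor cannot keep up (4% drops).
SNAP_OVERLOADED = HEADER + (
    "  eth0: 5100000    40800    0    0    0     0          0         0  2050000    30600    0    0    0     0       0          0\n"
    "  eth1: 400000000 500000    0 20000    0     0          0         0        0        0    0    0    0     0       0          0\n"
)
# Ten seconds later, mirror active and healthy (0.02% drops).
SNAP_OK = HEADER + (
    "  eth0: 5100000    40800    0    0    0     0          0         0  2050000    30600    0    0    0     0       0          0\n"
    "  eth1: 400000000 500000    0  100    0     0          0         0        0        0    0    0    0     0       0          0\n"
)


def run_samples() -> Dict[str, str]:
    """Evaluate the constructed snapshots against SNAP_BEFORE over a 10 s interval."""
    before = parse_proc_net_dev(SNAP_BEFORE)
    return {
        "no_mirror": check_mirror(before, parse_proc_net_dev(SNAP_NO_MIRROR), "eth1", 10.0),
        "overloaded": check_mirror(before, parse_proc_net_dev(SNAP_OVERLOADED), "eth1", 10.0),
        "ok": check_mirror(before, parse_proc_net_dev(SNAP_OK), "eth1", 10.0),
        "missing": check_mirror(before, parse_proc_net_dev(SNAP_OK), "eth9", 10.0),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

A `no-traffic` verdict on the sniffing interface usually means the switch mirror or VPS virtual NIC is not delivering the copy of traffic at all, which is the scenario the thread warns about; a `dropping` verdict points at the CPU/RAM sizing concern, since the NIC is receiving but the host is shedding packets before the analysis engines see them.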