Security Onion for threat hunting, network security monitoring, and log management.
Security Onion is a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others.
https://github.com/Security-Onion-Solutions/securityonion/blob/master/VERIFY_ISO.md
@dark-shadow I run Security Onion on a separate machine. I don't think it's applicable for Cloudron. 1. It can't be containerized. It's a stack of Docker containers controlled by Salt. 2. It requires immense CPU/RAM/HD. For a small network you are looking at 4 cores min and at least 20 GB RAM. Additionally, you don't really want to put your security tools on the same subnet as your internet-facing stuff.
@mastadamus This is possible because of a few innovations:
- Sysbox by Nestybox, find the thread in this forum.
- This allows for Docker-in-Docker nesting, even running VMs.
- With affordable VPS providers like SSDnodes and Contabo, CPU and RAM are not an issue.
- With multi-cloudron coming soon, it's going to be an ecosystem of hosts managed by a central Cloudron UI, so why not have a host dedicated to security or similar functions.
@robi yeah I should have said "can't be easily containerized"
Security Onion relies on a span port/mirror traffic getting to its analysis engines and is a pretty complicated beast. If Cloudron can containerize the whole thing, awesome, but this is no small task lol.
@mastadamus good convo to have with the Sysbox folks.