Security Onion for threat hunting, network security monitoring, and log management.
-
Security Onion is a free and open platform for threat hunting, network security monitoring, and log management. It includes free and open tools such as Suricata, Zeek, Wazuh, the Elastic Stack, and many others.
https://github.com/Security-Onion-Solutions/securityonion/blob/master/VERIFY_ISO.md
-
@dark-shadow I run Security Onion on a separate machine. I don't think it's applicable for Cloudron. 1. It can't be containerized; it's a stack of Docker containers controlled by Salt. 2. It requires immense CPU/RAM/HD. For a small network you are looking at 4 cores minimum and at least 20 GB RAM. Additionally, you don't really want to put your security tools on the same subnet as your internet-facing stuff.
-
@mastadamus This is possible because of a few innovations:
- Sysbox by Nestybox, find the thread in this forum.
- This allows for Docker-in-Docker nesting, even running VMs.
- With affordable VPS providers like SSDnodes and Contabo, CPU and RAM are not an issue.
- With multi-cloudron coming soon, it's going to be an ecosystem of hosts managed by a central Cloudron UI, so why not have a host dedicated to security or similar functions.
-
@robi Yeah, I should have said "can't be easily containerized".
Security Onion relies on a SPAN port / mirrored traffic getting to its analysis engines and is a pretty complicated beast. If Cloudron can containerize the whole thing, awesome, but this is no small task lol.
-
@mastadamus good convo to have with the Sysbox folks.
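The thread's point that Security Onion depends on SPAN/mirrored traffic actually reaching its sniffing interface is the thing most often broken when the sensor lands on a VPS or in a nested container: the appliance boots, Salt brings the stack up, and Zeek and Suricata simply see nothing. The script below is an added example, not code from this thread or from Security Onion. It compares two /proc/net/dev snapshots taken a few seconds apart and checks `ip -o link show` for the PROMISC flag, so you can tell a dead mirror (management interface busy, monitor interface flat) from a live one. Interface names (eth0 management, eth1 monitor) and both snapshots are constructed sample data.

```python
"""Check that mirrored traffic reaches a sensor's monitor interface.

Added example (not Security Onion's own tooling). Feeds two /proc/net/dev
snapshots and `ip -o link show` output to a checker that reports whether
the monitor interface is promiscuous and whether its RX counters moved.
"""
import re

# --- constructed sample data: eth0 = management, eth1 = monitor ---------
BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   48210     512    0    0    0     0          0         0    48210     512    0    0    0     0       0          0
  eth0: 9031222   10453    0    0    0     0          0        12  4402111    8822    0    0    0     0       0          0
  eth1:  102400     100    0    0    0     0          0         0        0       0    0    0    0     0       0          0
"""

# Mirror not wired up: management grows, monitor stays flat.
AFTER_DEAD = BEFORE.replace("9031222   10453", "9542880   11901")

# Mirror working: monitor receives tens of thousands of packets.
AFTER_LIVE = AFTER_DEAD.replace("102400     100", "7340032   61200")

# Abbreviated `ip -o link show` output (constructed); eth1 is PROMISC.
IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
"""


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, rx_packets)} from /proc/net/dev text.

    The two header lines contain no ':' and are skipped; each data line is
    'iface: rx_bytes rx_packets ...'.
    """
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        fields = rest.split()
        if len(fields) < 2:
            continue
        counters[name.strip()] = (int(fields[0]), int(fields[1]))
    return counters


def is_promisc(ip_link_text, iface):
    """True if `ip -o link show` lists iface with the PROMISC flag set."""
    pattern = re.compile(r"^\d+:\s+" + re.escape(iface) + r":\s+<([^>]*)>", re.M)
    match = pattern.search(ip_link_text)
    return bool(match) and "PROMISC" in match.group(1).split(",")


def mirror_check(before, after, ip_link_text, iface, min_packets=1):
    """Classify the monitor interface as ok / no_traffic / not_promisc / missing.

    A sensor whose monitor NIC is not promiscuous, or whose RX packet count
    did not move between snapshots, is not seeing mirrored traffic no matter
    how healthy the Security Onion containers look.
    """
    b = parse_proc_net_dev(before)
    a = parse_proc_net_dev(after)
    if iface not in a or iface not in b:
        return {"iface": iface, "status": "missing"}
    rx_bytes = a[iface][0] - b[iface][0]
    rx_pkts = a[iface][1] - b[iface][1]
    promisc = is_promisc(ip_link_text, iface)
    if not promisc:
        status = "not_promisc"
    elif rx_pkts < min_packets:
        status = "no_traffic"
    else:
        status = "ok"
    return {"iface": iface, "status": status, "promisc": promisc,
            "rx_bytes": rx_bytes, "rx_packets": rx_pkts}


if __name__ == "__main__":
    # On a real sensor: cat /proc/net/dev, sleep a few seconds, cat again,
    # and feed both plus `ip -o link show` to mirror_check().
    for label, after in (("dead mirror", AFTER_DEAD), ("live mirror", AFTER_LIVE)):
        print(label, mirror_check(BEFORE, after, IP_LINK, "eth1"))
```

On a real box, take the two /proc/net/dev snapshots a few seconds apart while known traffic crosses the mirrored segment; a `no_traffic` result with a busy management interface is the classic sign that the SPAN session is configured on the switch but not delivered to the host, or that the hypervisor/VPS is not passing promiscuous traffic into the guest.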