Network Visibility

When you log into Security Onion Console (SOC), you may see network-based IDS alerts from Suricata, protocol metadata logs from Zeek or Suricata, file analysis logs from Strelka, or full packet capture from Stenographer. How is that data generated and stored? This section covers the various processes that Security Onion uses to analyze and log network traffic.

• AF-PACKET
  • More Information
• Stenographer
  • Output
  • Analysis
  • Command Line
  • Configuration
  • Maximum Files
  • Diagnostic Logging
  • Disabling
  • More Information
• Suricata
  • Community ID
  • Performance
  • HOME_NET
  • Configuration
  • Thresholding
  • Metadata
  • File Extraction
  • Disabling
  • Diagnostic Logging
  • Stats
  • More Information
• Zeek
  • Community ID
  • Performance
  • Syslog
  • Intel
  • Custom Scripts
  • Logs
  • Configuration
  • Disabling
  • More Information
• Strelka
  • Alerts
  • Logs
  • Configuration
  • More Information