2.3

Security Onion

Network Visibility

When you log into Security Onion Console (SOC), you may see alerts from Suricata or Intrusion Detection Honeypot, protocol metadata logs from Zeek or Suricata, file analysis logs from Strelka, or full packet capture from Stenographer. How is that data generated and stored? This section covers the various processes that Security Onion uses to analyze and log network traffic.

  • AF-PACKET
    • VLAN tags
    • More Information
  • Stenographer
    • Output
    • Analysis
    • Command Line
    • Configuration
    • Maximum Files
    • Diagnostic Logging
    • Disabling
    • VLAN tags
    • More Information
  • Suricata
    • Community ID
    • Performance
    • HOME_NET
    • EXTERNAL_NET
    • Configuration
    • Thresholding
    • Metadata
    • File Extraction
    • Disabling
    • Diagnostic Logging
    • Troubleshooting Alerts
    • Stats
    • Testing Rules
    • More Information
  • Zeek
    • Community ID
    • Packet Loss and Capture Loss
    • Performance
    • Syslog
    • Logs
    • VLAN tags
    • Intel
    • Custom Scripts
    • Custom Script Example: log4j
    • Modifying base protocol scripts
    • Configuration
    • Diagnostic Logging
    • Disabling
    • More Information
  • Strelka
    • Alerts
    • Logs
    • Configuration
    • Diagnostic Logging
    • More Information
  • Intrusion Detection Honeypot
    • Installation
    • Screenshots
    • Technical Background
    • Services Configuration
    • SSH
    • Custom Configuration
    • Custom Configuration - Example: Port Change
    • Custom Configuration - Example: Custom HTTP Skin

© Copyright 2023 Revision e13319ea.
