List: security-onion
Subject: [security-onion] Re: Security Onion Traffic Log ?
From: Wes <wlambertts () gmail ! com>
Date: 2017-04-28 15:20:59
Message-ID: be67ef49-4107-43ca-9e0f-83503ecaef7a () googlegroups ! com
On Wednesday, April 26, 2017 at 4:38:21 PM UTC-6, Ibrahim Lubis wrote:
> Hi,
>
> I know SO can get alerts from the IDS and have full packet capture of a network. My
> question: since SO has full packet capture, does SO gather network traffic statistics like
> full knowledge of top source IP and destination? How many bytes that IP transferred
> through the network? Top HTTP source IP? Or maybe application? Does this use Bro?
> Thx
Ibrahim,
Aside from full packet capture, Security Onion provides a wealth of data (alert data,
session data, extracted content, transaction data, statistical data) as you
mentioned, via a variety of logs (including Bro logs), tools, etc. ELSA is a tool
included with Security Onion that ties much of this together and presents it in an
easily digestible format, including information regarding top src/dst IP, bytes
in/out, software, services, and MUCH more.
See the following for more information:
https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA
https://github.com/Security-Onion-Solutions/security-onion/wiki/Bro
Thanks,
Wes
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
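The session data Wes refers to lives in Bro's conn.log, one tab-separated row per connection with the originator/responder addresses and the byte counts in each direction. The following is an added example (not code from the thread, from Security Onion, or from ELSA) showing how those rows answer the original questions directly: top talkers, bytes in/out per source IP, top destinations and top services. The conn.log content is constructed inline for the example; the column set is the standard Bro header layout, and unset fields ("-") are treated as zero bytes, which is what an S0 (no reply) connection looks like in practice.

```python
"""Summarize a Bro conn.log into top talkers, bytes per source host and top services."""
from collections import Counter, defaultdict

# Constructed sample in Bro's tab-separated conn.log format (not real capture data).
# Real files carry more columns; only the ones this example uses are included.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1493300000.1\tC1\t10.0.0.5\t51000\t93.184.216.34\t80\ttcp\thttp\t0.5\t300\t4500\tSF
1493300001.2\tC2\t10.0.0.5\t51001\t93.184.216.34\t443\ttcp\tssl\t1.2\t1200\t9000\tSF
1493300002.3\tC3\t10.0.0.7\t40000\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t120\tSF
1493300003.4\tC4\t10.0.0.9\t40001\t198.51.100.20\t80\ttcp\thttp\t-\t-\t-\tS0
1493300004.5\tC5\t10.0.0.7\t40002\t198.51.100.20\t22\ttcp\tssh\t30.0\t2000\t3000\tSF
#close\t2017-04-28-15-20-59
"""


def parse_conn_log(text):
    """Parse Bro's TSV log format: '#fields' names the columns, other '#' lines are metadata."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data row encountered before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        records.append(dict(zip(fields, values)))
    return records


def _count(value):
    """Bro writes '-' for unset counts (e.g. a connection that never got a reply)."""
    return 0 if value in ("-", "(empty)") else int(value)


def bytes_per_host(records):
    """Bytes out (originator payload), bytes in (responder payload) and connections per source IP."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "conns": 0})
    for rec in records:
        host = totals[rec["id.orig_h"]]
        host["out"] += _count(rec["orig_bytes"])
        host["in"] += _count(rec["resp_bytes"])
        host["conns"] += 1
    return dict(totals)


def top_talkers(records, n=3):
    """Source IPs ranked by total bytes in both directions."""
    per_host = bytes_per_host(records)
    return sorted(per_host.items(), key=lambda kv: kv[1]["out"] + kv[1]["in"], reverse=True)[:n]


def top_destinations(records, n=3):
    """Responder IPs ranked by number of connections."""
    return Counter(rec["id.resp_h"] for rec in records).most_common(n)


def top_services(records, n=3):
    """Services (as identified by Bro's protocol analyzers) ranked by connection count."""
    return Counter(rec["service"] for rec in records if rec["service"] != "-").most_common(n)


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for ip, stats in top_talkers(recs):
        print("%-15s out=%-6d in=%-6d conns=%d" % (ip, stats["out"], stats["in"], stats["conns"]))
    print("top destinations:", top_destinations(recs))
    print("top services:", top_services(recs))
```

Run against a real `/nsm/bro/logs/current/conn.log` the same functions give the per-host and per-service breakdowns ELSA builds its dashboards from; the point of doing it by hand is to see that none of this needs the pcap itself, only the session records Bro already produces.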