
List:       security-onion
Subject:    [security-onion] Re: Security Onion Traffic Log ?
From:       Wes <wlambertts () gmail ! com>
Date:       2017-04-28 15:20:59
Message-ID: be67ef49-4107-43ca-9e0f-83503ecaef7a () googlegroups ! com


On Wednesday, April 26, 2017 at 4:38:21 PM UTC-6, Ibrahim Lubis wrote:
> Hi,
> 
> I know SO can get alerts from the IDS and has full packet capture of a network. My
> question: since SO has full packet capture, does SO gather network traffic data like
> full knowledge of top source IP and destination? How many bytes that IP transferred
> through the network? Top HTTP IP source? Or maybe application? Does this use Bro?
> Thx

Ibrahim,

Aside from full packet capture, Security Onion provides a wealth of data (alert data,
session data, extracted content, transaction data, statistical data) as you
mentioned, via a variety of logs (including Bro logs), tools, etc. ELSA is a tool
included with Security Onion that ties much of this together and presents it in an
easily digestible format, including information regarding top src/dst IP, bytes
in/out, software, services, and MUCH more.


See the following for more information:

https://github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion
https://github.com/Security-Onion-Solutions/security-onion/wiki/ELSA
https://github.com/Security-Onion-Solutions/security-onion/wiki/Bro

Thanks,
Wes

-- 
Follow Security Onion on Twitter!
https://twitter.com/securityonion
--- 
You received this message because you are subscribed to the Google Groups
"security-onion" group. To unsubscribe from this group and stop receiving emails from
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this
group, send email to security-onion@googlegroups.com. Visit this group at
https://groups.google.com/group/security-onion. For more options, visit
https://groups.google.com/d/optout.
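The session data Wes points to lives in Bro's conn.log, and the "top talker" views ELSA presents (top src/dst IP, bytes in/out, top HTTP sources, bytes per service) can be derived from it directly. The script below is an added example written for this page; it is not code from Security Onion, Bro or ELSA, and not part of either message in the thread. The column names are Bro's real conn.log field names and the parser reads them from the log's own #fields header, so it works on a real conn.log (on a Security Onion sensor that file is assumed to be under /nsm/bro/logs/current/). The log records embedded in the script are constructed for the example, not captured traffic.

```python
"""Top-talker summary from a Bro conn.log (added example, not Security Onion code).

Bro writes conn.log as tab-separated text with a '#fields' header naming the
columns and '-' for unset values, e.g. orig_bytes/resp_bytes on a half-open
connection (conn_state S0).  Column lookup is by name, so the real file's
extra columns (history, orig_pkts, ...) are harmless.
"""
from collections import Counter, defaultdict


def _tsv(*cols):
    return "\t".join(cols)


# Constructed sample log (not real traffic).  The header/footer lines mirror
# what Bro emits; only a subset of conn.log columns is included here.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    _tsv("#unset_field", "-"),
    _tsv("#path", "conn"),
    _tsv("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
         "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"),
    _tsv("1493392800.10", "CAb1x1", "10.0.0.5", "51000", "93.184.216.34", "80",
         "tcp", "http", "0.51", "400", "12000", "SF"),
    _tsv("1493392801.20", "CAb1x2", "10.0.0.5", "51001", "93.184.216.34", "80",
         "tcp", "http", "0.33", "300", "8000", "SF"),
    _tsv("1493392802.30", "CAb1x3", "10.0.0.7", "40000", "8.8.8.8", "53",
         "udp", "dns", "0.02", "60", "120", "SF"),
    _tsv("1493392803.40", "CAb1x4", "10.0.0.9", "52000", "93.184.216.34", "80",
         "tcp", "http", "-", "-", "-", "S0"),          # SYN only: byte counts unset
    _tsv("1493392804.50", "CAb1x5", "10.0.0.7", "40001", "203.0.113.10", "443",
         "tcp", "ssl", "2.10", "2000", "50000", "SF"),
    _tsv("#close", "2017-04-28-15-20-59"),
])


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue                      # #separator, #path, #close, ...
        if fields is None:
            raise ValueError("conn.log record seen before #fields header")
        yield dict(zip(fields, line.split("\t")))


def _count(value):
    """Bro's count type; '-' means unset and is treated as 0 bytes."""
    return 0 if value == "-" else int(value)


def summarize(records):
    """Aggregate conn.log records into the views ELSA shows for 'top talkers'."""
    per_src = Counter()                                # bytes by originator IP
    per_dst = Counter()                                # bytes by responder IP
    per_host = defaultdict(lambda: {"out": 0, "in": 0})  # bytes in/out per host, either role
    http_src = Counter()                               # HTTP connections per originator
    per_service = Counter()                            # bytes per Bro-detected service
    for r in records:
        ob, rb = _count(r["orig_bytes"]), _count(r["resp_bytes"])
        src, dst, svc = r["id.orig_h"], r["id.resp_h"], r["service"]
        per_src[src] += ob + rb
        per_dst[dst] += ob + rb
        per_host[src]["out"] += ob
        per_host[src]["in"] += rb
        per_host[dst]["out"] += rb
        per_host[dst]["in"] += ob
        if svc == "http":
            http_src[src] += 1
        per_service[svc] += ob + rb
    return {"per_src": per_src, "per_dst": per_dst, "per_host": dict(per_host),
            "http_src": http_src, "per_service": per_service}


def top_sources(summary, n=3):
    """Originator IPs ranked by total bytes (sent + received)."""
    return summary["per_src"].most_common(n)


if __name__ == "__main__":
    s = summarize(parse_conn_log(SAMPLE_CONN_LOG))
    print("top src by bytes:", top_sources(s))
    print("top dst by bytes:", s["per_dst"].most_common(3))
    print("http conns by src:", s["http_src"].most_common(3))
    print("bytes per service:", s["per_service"].most_common())
```

Two things worth noting when running this against a real sensor: conn.log rotates into dated, gzipped files, so a "top talkers for today" view means concatenating several files, and orig_bytes/resp_bytes are payload bytes (orig_ip_bytes/resp_ip_bytes include headers), so the totals will be lower than what a NetFlow collector reports for the same traffic.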



