First, thanks to the entire Security Onion team for such a great product. Small/medium businesses who can't afford the often pricey security tools have a lifeline because of such wonderful open source platforms as Security Onion. Keep up the good work, it must be a tremendous feat.
Now I have two questions:
1. Would it be possible to add Alert/rule configuration abilities for Elastic Security to the SOC side of SO? This would be a great convenience to anyone looking to leverage Elastic's built-in XDR features. Currently you have to dig into Kibana Spaces, uncheck the hidden Security menu, then set up any preconfigured/custom rules there. In addition, the logs generated by those rules are being shipped and indexed in ELK, but Alerts are only being generated on the Kibana side, requiring a second open browser window to manage.
2. Would it be possible to add the automation capabilities of Shuffle/Velociraptor to SO, as previously mentioned in Wes Lambert's blog series? Velociraptor is an immensely powerful DFIR tool, and its artifact collection/endpoint monitoring capabilities seemed like a natural fit for the missing Response capacity of the Security Onion platform.
Again, thanks for such a wonderful product.