Now that we have looked at deploying the Snort IDS, let us turn our attention to deploying a SIEM. These are very popular with enterprises; therefore, we need to build one into our lab to test our attacks against this type of architecture. The SIEM we will deploy here is the Security Onion tool. You will need to download the Security Onion tool: open a browser and enter https://github.com/Security-Onion-Solutions/security-onion/releases.
In short, Security Onion is a Network Security Monitor (NSM) integration tool. The tool provides the following components:
Full packet capture
Snort or Suricata rule-driven intrusion detection
Bro event-driven intrusion detection
OSSEC host-based intrusion detection
Security Onion provides us with all of these tools, seamlessly integrated into a single machine. Well, for the most part! Is anything really ever seamless in software? Even the commercial tools will have bugs!
Once you have downloaded the tool, you need to create a...