securityonion
content
securityonion | content | |
---|---|---|
7 | 7 | |
2,924 | 2,105 | |
2.6% | 1.1% | |
8.6 | 10.0 | |
3 days ago | 3 days ago | |
Shell | Shell | |
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
securityonion
-
Security Onion on Proxmox with Linux Bridges and LACP Bond
I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO setup this way? If so, how did you do it?
- Do I need to be concerned? Ipinfo.io says the ip adress is from Slovakia.
- Elastic Stack 8.2 and Suricata Integration
- Security Onion 2: #distro de #Linux para la caza de amenazas, la supervisión de la seguridad empresarial y la gestión de registros 💯
-
FOSS Deep Packet Inspection Options
https://securityonionsolutions.com/software/ https://github.com/Security-Onion-Solutions/securityonion
-
PFsense vs Mikrotik
I have been debating in my head whether to keep my current setup (PFsense on an old laptop) or buy a 'proper?' solution, by this I mean specialised hardware. PFsense has had a few issues like randomly dropping out, but it has been fine for around 4 days now. My question is: Should I buy a Mikrotik HEX S and use the laptop for other things, or not buy a Mikrotik and instead buy a Dell Optiplex 3020 from Ebay and run SecurityOnion (https://github.com/Security-Onion-Solutions/securityonion) or pfELK (https://github.com/pfelk/pfelk) on it.
-
SecurityOnion
Community support is here. You can also purchase support from the developers on their website.
content
- Oracle linux CIS benchmark
-
FIPS 140 and MacOS
For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)
- Ansible for automation/ hardening.
- I wrote a Script to bring firefox into dISA STIG compliance on RHEL 7 & 8 systems.
- hardening a RHEL8 VM using OpenSCAP and DISA STIG
-
CIS Benchmarking Git Community
I haven't used this in a while but take a look at ComplianceAsCode it is attempting to apply controls for each of the different benchmarks on different OSes. It might have what you are looking for, plus you can always contribute back any changes you make to help others.
- ComplianceAsCode/content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
What are some alternatives?
arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
flake8-bandit - Automated security testing using bandit and flake8.
Malcolm - Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
hardening - Hardening Ubuntu. Systemd edition.
pfelk - pfSense/OPNsense + Elastic Stack
AMDH - Android Mobile Device Hardening
nDPI - Open Source Deep Packet Inspection Software Toolkit
ansible-role-rhel8-stig - DISA STIG for Red Hat Enterprise Linux 8 - Ansible role generated from ComplianceAsCode Project
core - OPNsense GUI, API and systems backend
ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
AIMOD2 - Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/