Search — SOC stable documentation

SOC

stable

Table of Contents

About This Documentation
Introduction
Use Cases
Hardware Requirements
Download/Install
ISO Release Notes
Quick Evaluation using Security Onion ISO image
Quick Evaluation on Ubuntu
Production Deployment
After Installation
UTC and Time Zones
Services
VirtualBox Walkthrough
VMWare Walkthough
Videos
Architecture
Cheat Sheet
Conference

Update/Upgrade

Updating
HWE
Upgrading from 14.04 to 16.04
MySQL Upgrade Errors
EOL

Analyst Tools

Kibana
CapME
CyberChef
Squert
Sguil
NetworkMiner
Wireshark

Network Visibility

NIDS
Snort
Suricata
Bro
netsniff-ng

Host Visibility

Beats
Wazuh
Sysmon
Autoruns
Syslog

Elastic Stack

Elastic Stack
Elasticsearch
Logstash
Kibana
ElastAlert
Curator
FreqServer
DomainStats
Docker
Redis
Data Fields
Alert Data Fields
Bro Fields
Elastalert Fields
Beats
ELSA to Elastic
Re-Indexing

Customizing for your network

Network Configuration
Proxy Configuration
Firewall
Email Configuration
Changing IP Addresses
NTP

Tuning

Managing Alerts
Managing Rules
Adding Local Rules
Disabling Processes
BPF
PF_RING
AF-PACKET
MySQL Tuning
Adding a new disk
High Performance Tuning
Trimming PCAPs

Tricks and Tips

Airgapped Networks
Analyst VM
Automating Setup
Best Practices
Cloud Client
Connecting to Sguild
Disabling Desktop
DNS Anomaly Detection
ICMP Anomaly Detection
Metapackages
PCAPs for Testing
Removing a Sensor
Salt
Sensor Stops Seeing Traffic
SSH

Integrations

AlienVault-OTX
Critcal Stack Intel Client
Etherpad
FIR
GRR
MISP
NtopNG
RITA
Strelka
Integrating with other systems

Help

Support
Help
FAQ
Passwords
Mailing Lists
Help Wanted
Secure Boot
Security
Booting Issues

Other

Directory Structure
Tools

Utilities

jq
so-allow
so-import-pcap

SOC

»
Search

© Copyright 2022. Revision f3e7e527.

Built with Sphinx using a theme provided by Read the Docs.