RPM package creation for BRO IDS Deployments.

RPM package creation for BRO IDS Deployments. Basically, there are two ways to install BRO. One is, download the source and compile it for your machine. The other option is to install BRO from a package. Compiling from source is a great option, which allows for customization but can become problematic when deploying BRO on […]

BRO and Fortinet Content Packs on Graylog Marketplace

Content Packs for Graylog

Lately, I have been working with Graylog a lot so I decided to update a few items on github and update their entries on the Graylog marketplace website.

BRO content pack for Graylog

The BRO IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog […]

Configure a default zone with firewalld

This is not meant as a full primer for firewalld. It is just meant to document changing the default zone. If you are looking for a more in-depth exposure to firewalld try https://www.hogarthuk.com/?q=node/9

Check available zones:
firewall-cmd --get-zones

Check active zone:
firewall-cmd --get-active-zones

Get current zone of interface (assumes it is in the public zone) […]

Send Security Onion logs to a centralized Graylog Server

Overview

For anyone that doesn’t know, Security Onion is a custom Linux distribution running on Ubuntu that can be used as a Network Intrusion Detection System (NIDS). Security Onion integrates several configurable apps like BRO IDS, Snort, Suricata, and OSSEC to name a few. By default, there is an integrated ELSA Stack that can be […]

Setting up a multi-tiered log infrastructure Part 11 -- Cluster Tuning

This is post 11 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 10 -- HA Cluster Setup

This is post 10 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 9 -- Rsyslog HA Setup

This is post 9 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 8 -- Rsyslog Setup

This is post 8 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 7 -- Graylog WebUI Setup

This is post 7 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 6 -- Graylog Setup

This is post 6 of 11 in the series “Setting up a multi-tiered log infrastructure” […]