Recently I tried interacting with one of my lab Security Onion sensors running the Suricata IDS. I found the Sguil server was taking a really long time to offer services on port 7734 TCP. Since I hadn't worked with this lab system in a while, I guessed that there might be too many uncategorized events in the Sguil database. I dusted off an old blog post titled More Snort and Sguil Tuning from 2006 and took a look at the system. First I stopped the NSM applications on the server.

sudo service nsm stop
Stopping: securityonion * stopping: sguil server...
Sunday, February 24, 2013
Friday, February 22, 2013
Using Bro to Log SSL Certificates
Posted on 6:21 PM by Unknown

I remember using an older version of Bro to log SSL certificates extracted from the wire. The version shipped with Security Onion is new and that functionality doesn't appear to be enabled by default. I asked Seth Hall about this capability, and he told me how to get Bro to log all SSL certs that it sees. Edit /opt/bro/share/bro/site/local.bro to contain the changes as shown below.

diff -u /opt/bro/share/bro/site/local.bro.orig /opt/bro/share/bro/site/local.bro
---...
Monday, February 11, 2013
Practical Network Security Monitoring Book on Schedule
Posted on 7:27 PM by Unknown

First the good news: my new book Practical Network Security Monitoring is on track, and you can pre-order with a 30% discount using code NSM101. I'm about 1/3 of the way through writing the book. Since I announced the project last month, I've submitted chapters 1, 2, and 3. They are in various stages of review by No Starch editors and my technical editors. I seem to be writing more than I expected, despite trying to keep the book at an introductory...