Tuesday, January 17, 2017

Check_MK: Security Onion

SOC components can be mapped onto the structure of Security Onion:
  1. HIDS: ossec
  2. NIDS: snort
  3. Asset data: Bro
  4. Packet capture: netsniff-ng
  5. Host: syslog, ossec
  6. Session/transaction: Bro
Items 4 and 6 may use tcpdump or netflow as alternatives, while items 1-3 may be integrated via Nagios/Check_MK.
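One way to do that integration, as an added example (not from the original post or from the Security Onion or Check_MK projects): a Check_MK "local check" script that reports whether the daemons behind items 1-4 are running, so each component appears as its own service in Nagios/Check_MK. The agent directory, the service names and the daemon process names (ossec-analysisd, snort, bro, netsniff-ng) are assumptions; adjust them to the installed versions.

```shell
#!/bin/sh
# Added example: Check_MK local check for Security Onion components.
# Assumed install path for the agent: /usr/lib/check_mk_agent/local/
# The agent runs every executable there and forwards its stdout to the
# Check_MK server, one service per output line.

# Emit one line in Check_MK local-check format:
#   <status> <service_name> <perfdata|-> <status text>
# status codes: 0=OK, 1=WARN, 2=CRIT, 3=UNKNOWN
format_local_check() {
    status="$1"; service="$2"; procs="$3"; text="$4"
    printf '%s %s procs=%s %s\n' "$status" "$service" "$procs" "$text"
}

# Count running processes whose name matches exactly.
# Prints 0 when nothing matches or pgrep is unavailable.
count_procs() {
    n=$(pgrep -x "$1" 2>/dev/null | wc -l | tr -d ' ')
    printf '%s\n' "${n:-0}"
}

# Evaluate one component: OK with a process count when the daemon is up,
# CRIT when no matching process is running (a silent sensor is a
# monitoring gap, so it is treated as critical, not as a warning).
check_component() {
    service="$1"; proc="$2"
    n=$(count_procs "$proc")
    if [ "$n" -gt 0 ]; then
        format_local_check 0 "$service" "$n" "$proc running ($n process(es))"
    else
        format_local_check 2 "$service" 0 "$proc not running"
    fi
}

# Security Onion component -> daemon mapping (assumed daemon names).
so_local_checks() {
    check_component SO_HIDS_ossec    ossec-analysisd   # item 1: HIDS
    check_component SO_NIDS_snort    snort             # item 2: NIDS
    check_component SO_Assets_bro    bro               # item 3: asset data
    check_component SO_PCAP_netsniff netsniff-ng       # item 4: packet capture
}

so_local_checks
```

The `procs=N` performance value lets Check_MK graph the process count over time, which makes a sensor that quietly stopped (or that forks far more workers than usual) visible on the same dashboard as the rest of the host's checks.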

REF: https://securityonion.net

