Differences between revisions 14 and 16 (spanning 2 versions)
Revision 14 as of 2021-04-11 21:46:16
Size: 1566
Editor: scot
Comment:
Revision 16 as of 2021-04-11 22:17:25
Size: 1803
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 10: Line 10:
 * [[https://www.graylog.org/|GrayLog]]  * [[https://www.graylog.org/|GrayLog]] [[https://docs.graylog.org/en/4.0/pages/installation/os/ubuntu.html#ubuntuguide|Ubuntu Install Guide]] Note: There are different features for the enterprise version (for pay) vs opensource.
Line 15: Line 15:
{{{#!wiki comment
Not log analyzers that do similar things 		Some solutions go beyond simple log aggregators/analyzers to monitor everything... these include:
Line 18: Line 17:
 * PRTG (billed as a network monitor similar to spiceworks, so it does more than
 * Spiceworks (and other variants)
 * !AlienVault (community edition Threat intelligence, now owned by AT&T)
}}}		  * PRTG (includes log analyzing, but may be overkill for what we are doing)
 * ZabbixL https://www.zabbix.com/
 * AlienVault: https://www.alienvault.com/products/ossim
Line 30: Line 29:
    1. Show something from pfSense

Lab 09 Dashboards - Keeping data under control

Introduction

In the last two labs particularly, we have gathered information. But how do you make sense of it all? Log analyzer and dashboards!

Take the first 15 minutes of lab to research dashboards that you might want to install and use to work with Suricata, OpenVas and your windows systems.

  • Elastic Stack (here is a good tutorial by digitialocean.com

  • GrayLog Ubuntu Install Guide Note: There are different features for the enterprise version (for pay) vs opensource.

  • LOGalyze

  • Logz.io is based on Elastic Stack... learn more here.

  • Splunk (Seems to have gone for pay... probably want to try something else. Never-the-less one of the top rated apps!)

Some solutions go beyond simple log aggregators/analyzers to monitor everything... these include:

Install a system of your choice. If its not on the list, check with me first and if its ok, I'll add it. You should collect information from OpenVas, Suricata, Windows Logs and ubuntu for aggregation in the dashboard of your choice.

Show Me

In less than two minutes:

  1. Show your Dashboard working
    1. Show something from pfSense

    2. Show something from OpenVas

    3. Show something from Suricata
    4. Show something from your Windows Server

NetworkSecurity/Lab/Lab09 (last edited 2021-04-11 22:20:51 by scot)