Revision 17 as of 2021-04-11 22:20:51
Lab 09 Dashboards - Keeping data under control
Introduction
In the last two labs in particular, we have gathered a lot of information. But how do you make sense of it all? Log analyzers and dashboards!
Take the first 15 minutes of lab to research dashboards that you might want to install and use to work with Suricata, OpenVAS and your Windows systems.
- Elastic Stack (here is a good tutorial by digitalocean.com: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-18-04)
- GrayLog (https://www.graylog.org/), Ubuntu Install Guide: https://docs.graylog.org/en/4.0/pages/installation/os/ubuntu.html#ubuntuguide. Note: the enterprise (for pay) version has different features from the open-source version.
- LOGalyze (http://www.logalyze.com/)
- Logz.io is based on Elastic Stack... learn more at https://logz.io/open-source/.
- Splunk (Seems to have gone for pay... probably want to try something else. Nevertheless one of the top rated apps!)
Some solutions go beyond simple log aggregators/analyzers to monitor everything... these include:
- PRTG (includes log analyzing, but may be overkill for what we are doing)
- Zabbix: https://www.zabbix.com/
- AlienVault: https://www.alienvault.com/products/ossim
Install a system of your choice. If it's not on the list, check with me first and if it's OK, I'll add it. You should collect information from OpenVAS, Suricata, Windows logs and Ubuntu for aggregation in the dashboard of your choice.
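As an added example (not part of this lab page or of any tool it lists), here is the normalisation step a dashboard does behind the scenes: Suricata EVE alerts and Windows Security events, both constructed here, are mapped to one schema and counted per source, severity and source IP. The Windows field names and the event-ID-to-severity mapping are assumptions of this example.

```python
"""Normalise Suricata EVE alerts and Windows Security events into one schema
and compute the counts a dashboard panel would show. All log lines are constructed."""
import json
from collections import Counter

# Constructed Suricata eve.json lines (only the fields this example reads are present).
SURICATA_EVE = """
{"timestamp":"2021-04-11T22:20:51.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","dest_port":445,"proto":"TCP","alert":{"signature_id":2001569,"signature":"ET SCAN Behavioral Unusual Port 445 traffic","category":"Misc activity","severity":3}}
{"timestamp":"2021-04-11T22:21:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","proto":"TCP"}
{"timestamp":"2021-04-11T22:21:30.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
"""
# Constructed Windows Security events as a JSON log shipper might emit them
# (field names simplified; an assumption of this example).
WINDOWS_EVENTS = """
{"@timestamp":"2021-04-11T22:22:10.000Z","computer_name":"WIN-SRV01","event_id":4625,"source_ip":"10.0.0.7"}
{"@timestamp":"2021-04-11T22:22:11.000Z","computer_name":"WIN-SRV01","event_id":4625,"source_ip":"10.0.0.7"}
{"@timestamp":"2021-04-11T22:23:00.000Z","computer_name":"WIN-SRV01","event_id":4624,"source_ip":"10.0.0.20"}
"""
# Windows event IDs -> Suricata-style severity (1 = most severe); assumed, not a standard.
WIN_SEVERITY = {4625: 2, 4720: 2, 1102: 1}

def normalise(source, line):
    """Return a common record {source, time, src, severity, name}, or None to drop the line."""
    ev = json.loads(line)
    if source == "suricata":
        if ev.get("event_type") != "alert":   # flow, dns, http records are not alerts
            return None
        a = ev["alert"]
        return {"source": source, "time": ev["timestamp"], "src": ev.get("src_ip"),
                "severity": a["severity"], "name": a["signature"]}
    if source == "windows":
        eid = ev["event_id"]
        return {"source": source, "time": ev["@timestamp"], "src": ev.get("source_ip"),
                "severity": WIN_SEVERITY.get(eid, 3), "name": f"EventID {eid}"}
    raise ValueError(f"unknown source {source!r}")

def dashboard_counts(feeds):
    """feeds: {source: multi-line log text}. Returns (by source+severity, by name, by source IP)."""
    records = [r for src, text in feeds.items() for ln in text.splitlines()
               if ln.strip() and (r := normalise(src, ln))]
    by_sev = Counter((r["source"], r["severity"]) for r in records)
    by_name = Counter(r["name"] for r in records)
    by_src = Counter(r["src"] for r in records)   # one IP seen by both sensors stands out here
    return by_sev, by_name, by_src

if __name__ == "__main__":
    sev, names, srcs = dashboard_counts({"suricata": SURICATA_EVE, "windows": WINDOWS_EVENTS})
    for (source, severity), n in sorted(sev.items()):
        print(f"{source:9s} severity {severity}: {n}")
    print("noisiest source IP:", srcs.most_common(1)[0])
```

Across the two feeds the same source IP appears in a Suricata scan alert and in repeated Windows failed logons, which is the kind of cross-source view the dashboard is meant to give you.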
Show Me
In less than two minutes:
- Show your Dashboard working
- Show something from pfSense
- Show something from OpenVAS
- Show something from Suricata
- Show something from your Windows Server
Hints
I have used GrayLog and I found https://www.youtube.com/watch?v=rtfj6W5X0YA to be useful as a sample.