pfelk
securityonion
| | pfelk | securityonion |
|---|---|---|
| Posts | 23 | 7 |
| Stars | 980 | 2,819 |
| Growth | 1.7% | 5.6% |
| Activity | 9.1 | 8.8 |
| Latest commit | 11 days ago | 1 day ago |
| Language | Shell | Shell |
| License | GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pfelk
- Best way to use my SFF PCs
I understood that OPNsense runs fine with 8GB RAM and a relatively weak CPU, but then I saw this, which provides extended search and visualisation features to help you use the data created by OPNsense, and it recommends 32GB. pfelk/pfelk: pfSense/OPNsense + Elastic Stack (github.com)
- pfELK won't receive syslog data on port 5140
I've carefully followed the manual Ubuntu setup of pfelk from https://github.com/pfelk/pfelk/tree/main, the instructions are pretty good. I did everything manually except for the dashboards, used the handy script. I've also configured syslog to remote log everything to it, plus unbound data.
- SIEM or Dashboards
- Logs to LogStash then to Sentinel. Parsing problem.
- I'm looking for a pfSense app that I can use with Splunk; I found only one, but it is missing many options
I've been using pfElk. You could probably use some of the parsers from there to parse things yourself in Splunk.
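The pfelk Logstash pipelines mainly split the pfSense/OPNsense `filterlog` syslog record into fields, which is the part that is reusable in another SIEM. The block below is an added example, not code from the pfelk project or from the posts above: a standalone Python parser that follows pfSense's documented filter log field order (common fields, then an IPv4 or IPv6 block, then a TCP or UDP block) and tallies the pass/block counts a firewall dashboard shows. The hostname, PID, addresses and log lines are constructed for the example (RFC 5737/3849 documentation ranges); `fw.example.lan`, `summarize` and `parse_filterlog` are names chosen here, not pfelk identifiers.

```python
"""Parse pfSense/OPNsense 'filterlog' syslog records and tally blocks/passes.

Field order follows pfSense's documented filter log format. The sample lines
below are constructed for this example, not captured from a real firewall.
"""
import re
from collections import Counter

# RFC 3164-style envelope emitted by pfSense/OPNsense remote logging; the
# text after "filterlog[pid]: " is one comma-separated record.
ENVELOPE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"filterlog\[\d+\]: (?P<csv>.*)$"
)

# Common prefix, then the IP-version block, then the protocol block.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ip_flags", "proto_id", "proto",
        "length", "src", "dst"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length",
        "src", "dst"]
TCP = ["src_port", "dst_port", "data_len", "tcp_flags", "seq", "ack",
       "window", "urg", "options"]
UDP = ["src_port", "dst_port", "data_len"]


def parse_filterlog(line):
    """Return a dict for a filterlog line, or None for any other syslog line."""
    m = ENVELOPE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    rec = {"ts": m.group("ts"), "host": m.group("host")}
    rec.update(zip(COMMON, fields))          # zip stops at the shorter list
    rest = fields[len(COMMON):]
    if rec.get("ipver") == "4":
        rec.update(zip(IPV4, rest))
        rest = rest[len(IPV4):]
    elif rec.get("ipver") == "6":
        rec.update(zip(IPV6, rest))
        rest = rest[len(IPV6):]
    else:
        return None                           # truncated/unknown: do not guess
    proto = rec.get("proto", "").lower()
    if proto == "tcp":
        rec.update(zip(TCP, rest))
    elif proto == "udp":
        rec.update(zip(UDP, rest))
    else:
        rec["extra"] = rest                   # ICMP and others: keep raw tail
    return rec


def summarize(lines):
    """Tally pass/block per interface and, for inbound blocks, the source
    addresses and targeted (proto, port) pairs; count non-filterlog lines."""
    stats = {"actions": Counter(), "blocked_src": Counter(),
             "blocked_dst_port": Counter(), "skipped": 0}
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None:
            stats["skipped"] += 1             # e.g. unbound or dhcpd lines
            continue
        stats["actions"][(rec["iface"], rec["action"])] += 1
        if rec["action"] == "block" and rec["direction"] == "in":
            stats["blocked_src"][rec["src"]] += 1
            stats["blocked_dst_port"][(rec["proto"], rec.get("dst_port"))] += 1
    return stats


# Constructed sample input: four inbound blocks (one IPv6), one outbound pass,
# and one unbound line that a filterlog parser must ignore.
SAMPLE_LINES = [
    "Mar 23 08:05:01 fw.example.lan filterlog[81432]: 4,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,54321,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,22,0,S,1837462917,,65535,,"
    "mss;sackOK;TS;nop;wscale",
    "Mar 23 08:05:02 fw.example.lan filterlog[81432]: 4,,,1000000103,igb0,match,block,in,4,"
    "0x0,,115,0,0,none,17,udp,78,203.0.113.5,192.0.2.10,40000,5060,58",
    "Mar 23 08:05:03 fw.example.lan filterlog[81432]: 90,,,1602000000,igb1,match,pass,out,4,"
    "0x0,,64,0,0,DF,6,tcp,60,192.0.2.25,198.51.100.7,44512,443,0,S,123456789,,64240,,"
    "mss;sackOK;TS;nop;wscale",
    "Mar 23 08:05:04 fw.example.lan filterlog[81432]: 4,,,1000000103,igb0,match,block,in,6,"
    "0x00,0x00000,255,udp,17,20,2001:db8::1,2001:db8:1::10,5353,5353,20",
    "Mar 23 08:05:05 fw.example.lan unbound[2345]: [2345:0] info: 192.0.2.10 example.com. A IN",
    "Mar 23 08:05:06 fw.example.lan filterlog[81432]: 4,,,1000000103,igb0,match,block,in,4,"
    "0x0,,52,11111,0,none,6,tcp,40,203.0.113.5,192.0.2.10,60123,23,0,S,99,,1024,,",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The same field lists translate directly into a Splunk `rex`/`eval` extraction or a Logstash `csv` filter; the point to keep is that the IPv6 block orders the protocol text before the protocol ID, the opposite of IPv4, so a parser that hard-codes the IPv4 layout silently mislabels IPv6 records.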
- My growing homelab, CS student in Germany
On the left is a Kibana dashboard, showing information from the firewall (blocks/passes, connection type, etc). I use pfelk and customised the dashboard and the indexing a bit to suit my needs.
- PfSense Guide for Viewing Traffic History?
- Running a private mail server for six years, easy peasy
> So many Chinese and Russian IPs...
And Korean, and Dutch; I recall significant numbers from Central America.
For anyone interested in what geos appear to be attacking you, and is a noob like me: https://github.com/pfelk/pfelk is really cool.
- How to best visualize Suricata alerts in pfsense
securityonion
- Security Onion on Proxmox with Linux Bridges and LACP Bond
I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion, which included some commands for getting SO working on a Linux bridge, but this didn't work for me, probably because my environment is different. Does anybody have SO set up this way? If so, how did you do it?
- Do I need to be concerned? Ipinfo.io says the IP address is from Slovakia.
- Elastic Stack 8.2 and Suricata Integration
- Security Onion 2: #Linux #distro for threat hunting, enterprise security monitoring and log management 💯
- FOSS Deep Packet Inspection Options
https://securityonionsolutions.com/software/ https://github.com/Security-Onion-Solutions/securityonion
- pfSense vs Mikrotik
I have been debating in my head whether to keep my current setup (pfSense on an old laptop) or buy a 'proper?' solution, by this I mean specialised hardware. pfSense has had a few issues like randomly dropping out, but it has been fine for around 4 days now. My question is: should I buy a Mikrotik HEX S and use the laptop for other things, or not buy a Mikrotik and instead buy a Dell Optiplex 3020 from eBay and run SecurityOnion (https://github.com/Security-Onion-Solutions/securityonion) or pfELK (https://github.com/pfelk/pfelk) on it?
- SecurityOnion
Community support is here. You can also purchase support from the developers on their website.
What are some alternatives?
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
Malcolm - Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
pfSense-Dashboard - A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf
nDPI - Open Source Deep Packet Inspection Software Toolkit
HELK - The Hunting ELK
core - OPNsense GUI, API and systems backend
docker-compose-macvlan - Docker-compose macvlan example - container using different IP address than host.
AIMOD2 - Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.
fast-geoip - A faster & low-memory replacement for geoip-lite, a node library that maps IPs to geographical information
hardening - Hardening Ubuntu. Systemd edition.