Shell threat-hunting Projects
-
securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11

> I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO set up this way? If so, how did you do it?
-
falcon-query-assets
Event Search Hunting Queries: https://github.com/CrowdStrike/falcon-query-assets/tree/main/Falcon-Event-Search/Threat-Hunting-Queries
Index

# | Project | Stars
---|---|---
1 | securityonion | 2,848
2 | falcon-query-assets | 94