Our most recent ISO image includes the latest version of so-import-pcap and one of the new features is the ability to automatically run Setup for you. This means that you can now analyze pcap files in Security Onion in just 3 simple steps!
- install our most recent ISO image
- sudo so-import-pcap /path/to/pcap/file
- log into Squert and Kibana to review alerts and logs with original timestamps
Finally, this new so-import-pcap should now handle errors much more gracefully. For example, corrupt pcap files are now automatically fixed using pcapfix.
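The three steps above feed every file straight to so-import-pcap, and the error handling described here relies on pcapfix to repair what it can. As an added example (not part of Security Onion or the so-import-pcap script itself), the POSIX shell snippet below does a cheap pre-flight check by magic number so that a file that is not a pcap or pcapng at all is reported instead of imported, then hands each recognised capture to so-import-pcap one at a time. It assumes od(1) is available; so-import-pcap is only invoked when it is on PATH, and the `import_pcaps` helper and its return convention are this example's own.

```shell
#!/bin/sh
# Added example, not code from Security Onion or so-import-pcap.
# Assumptions: POSIX sh with od(1); so-import-pcap is only run if present.

# Print the capture format of a file based on its first 4 bytes:
# "pcap" (little/big endian, micro- or nanosecond timestamps),
# "pcapng" (section header block), or "unknown" (including empty files).
pcap_format() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap ;;
        0a0d0d0a) echo pcapng ;;
        *) echo unknown ;;
    esac
}

# Import every regular file under a directory, one capture at a time.
# Files whose magic number is not recognised are skipped and reported on
# stderr; a truncated or otherwise damaged capture with a valid header is
# still passed along, since so-import-pcap runs pcapfix on it.
# The return value is the number of files skipped.
import_pcaps() {
    dir=$1
    skipped=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fmt=$(pcap_format "$f")
        if [ "$fmt" = unknown ]; then
            echo "skip: $f (not a pcap/pcapng by magic number)" >&2
            skipped=$((skipped + 1))
            continue
        fi
        echo "import: $f ($fmt)"
        if command -v so-import-pcap >/dev/null 2>&1; then
            sudo so-import-pcap "$f"
        fi
    done
    return "$skipped"
}

# Usage on a dedicated so-import-pcap box:
#   import_pcaps /path/to/pcap/directory
```

Because the check only reads four bytes, it is fast enough to run over a large drop directory before the much slower import, and the skipped count gives a simple signal that something unexpected landed in the directory.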
As a reminder, so-import-pcap is NOT intended to run on your existing production deployment. Instead, it is intended for standalone systems designated for so-import-pcap.
Screenshot Tour
so-import-pcap warns before making any changes
so-import-pcap can now run Setup automatically for you
When so-import-pcap is complete, it will provide a hyperlink to view all data in Kibana
Kibana and Squert displaying logs and alerts while using just over 3GB RAM