A minimal Security Onion installation is an IMPORT installation and can be used to import PCAP or EVTX files in a minimal VM with as little as 4GB RAM:
On the opposite end of the architecture spectrum, a distributed deployment consists of:
- a manager node
- one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
- one or more search nodes running Elasticsearch to store and search logs
- optional receiver nodes for load balancing and pipeline redundancy
- optional Intrusion Detection Honeypot (IDH) nodes for deception
This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.
For more information, please see the Architecture section of our documentation:
No comments:
Post a Comment