Tuesday, September 17, 2024

Did you know that Security Onion provides both network AND host visibility?

Security Onion started in 2008 as a Network Security Monitoring (NSM) platform. Over the years, more and more of our network traffic has become encrypted. That's a good thing for privacy, but it makes our jobs as defenders a little more difficult. To fill in those blind spots, we've spent the last several years making sure that Security Onion is just as powerful on the host side as it is on the network side. Here's a diagram showing an overview of Security Onion consuming not just network traffic from your taps or span ports but also logs from your endpoints:

The following screenshot shows a comprehensive Security Onion deployment that does both network monitoring and host monitoring:

Security Onion includes a complete set of dashboards for each of those different kinds of endpoint data:

The Elastic Agent Overview dashboard gives you an overview of the comprehensive telemetry that is provided by the Elastic Agent when installed on your servers, desktops, and laptops:

You can read more about our endpoint capabilities in the Host Visibility section of our documentation:

https://docs.securityonion.net/en/2.4/host.html

