User Tools

Site Tools


Security Operation Center@home

We'll use SecurityOnion
Minimum requirement as of version 2.3.30 are :

  • 4 Cores
  • 12GB RAM
  • 200GB HDD

On top of this you'll need: 2 NICs (1 for management, 1 for the monitoring)
:!: You ARE NOT ALLOWED TO SNIFF/MONITOR network you don't own or for which you are not authorised :!:
That being said let's jump on it.

Virtual or Physical

It's really up to you, personally I have a Dell Optiplex 7010 (16GB RAM i5-3470 256GB SSD) I tried using Security Onion under VMWare ESXi 7 but couldn't make it see all devices of my home network. So I bought a 8 ports SWITCH with port mirroring (TP-link TL-SG108E)and used the Optiplex as standalone physical machine. I installed using sda as system disk and sdb (2TB SSD) for NSM data. I chose to run all services available and installed Security onion as “STANDALONE” :!: set the management NIC with a static IP :!:

Once installed and setup you can access the web interface using https://static_IP_of_Security_Onion

SSL Certs

Like for the rest of my local webservice I use a A record in my DNS then use certbot

sudo certbot -d yoursoc.yourdomain.tld --server --manual --preferred-challenges dns certonly
  • /etc/salt/minion.d/signing_policies.conf
 grep ssl -A10 /etc/salt/minion.d/signing_policies.conf

First time (backup original files)

cd /etc/pki
cp ca.key
cp ca.crt
cp managerssl.crt
cp managerssl.key


sudo su
cd /etc/letsencrypt/live/
scp fullchain.pem privkey.pem
cd /etc/pki
cp /home/warnaud/fullchain.pem managerssl.crt
cp: overwrite ‘managerssl.crt’? y
cp /home/warnaud/privkey.pem managerssl.key
cp: overwrite ‘managerssl.key’? y

Wazuh Agent

Silence rule

 grep  2033078 /opt/so/rules/nids/all.rules

where 2033078 is the rule.uuid in “Alerts”

 vi /opt/so/saltstack/local/pillar/minions/soc_standalone.sls
    ruleset: 'ETOPEN'
    oinkcode: ''
        - 2033078

:!: as always it's NOT WORKING and SCREW UP TOTALLY ALL SO containers :!: (!!!!!!!!!!!!!!!!!!!!!)


devices/dell_optiplex7010/soc.txt · Last modified: 2022/06/30 08:22 by warnaud