Packets or it didn't happen!
  • Snort3 on Ubuntu 20 - Housekeeping - AppID, RNA, Performance Monitoring, Profiling, JSON Logging, Other config, etc. - Securitynik
    Now that your Snort3 has been installed and you have confirmed all your tests are working as expected, and you then fed the pig, your next step is to configure Snort3 for your specific environment. This philosophy should also be the same for any security tool you are using. Let’s customize Snort3 for our environment. […]
  • Snort3 on Ubuntu 20 - Feeding and testing the pig - rules and PulledPork - Securitynik
    Now that we have installed and configured Snort3, as well as learned a little about it, let’s now look at feeding the pig … giving it rules … and then testing those rules before we perform our housekeeping. Let’s create the directories for us to store our rules and block lists securitynik@snort3:~$ sudo mkdir /usr/local/etc/rules […]
  • Snort3 on Ubuntu 20 - Learning a little about our installation - Getting Help, Running Snort3, etc - Securitynik
    In the previous post, we performed the install of Snort3. In this post, we learn a little about Snort3 before we start feeding it via rules and then perform some housekeeping. Getting help! securitynik@snort3:~$ snort --help Snort has several options to get more help: -? list command line options (same as --help) --help this overview […]
  • Snort3 on Ubuntu 20 - The Initial Setup - Securitynik
    Now that Cisco has released Snort3 via general availability, I decided to do a quick 4 part series on its installation, learning a little about Snort3, feeding the pig and Snort3 housekeeping. Back in 2014, I did a post on “Building snort 3.0 (snort++)”. With 6 years elapsing, I wanted to see what has changed with […]
  • Troubleshooting HTTPS - SSH Connectivity to IBM QRadar with TShark - Securitynik
    Had a little issue today, where the team could not connect to an IBM QRadar appliance via SSH or HTTPS. This is somewhat strange as we expect these services to be available for us to be able to do our job. I assigned the task to an Analyst to take a quick look. Here is […]
