Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

Remove Zeek artifacts when switching mdengine to Suricata #4221

Closed bryant-treacle closed 1 year ago

bryant-treacle commented 3 years ago

The grid interface in SOC displayed a fault message for all sensors after switching my metadata engine to Suricata. The issue was fixed by removing so-zeek from /opt/so/conf/so-status/so-status.conf.

Recommend verifying that the so-zeek Docker container is stopped and that so-zeek is removed from /opt/so/conf/so-status/so-status.conf if Suricata is set as the mdengine.
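The workaround described in the comment above, as an added POSIX shell example that is not part of the Security Onion project or of the issue itself. It assumes the metadata engine is read from a pillar-style file with a `mdengine: SURICATA` / `mdengine: ZEEK` line (in Security Onion 2.3 that key lives in the global pillar, but the path is passed in as a parameter here rather than hard-coded), that so-status.conf lists one service name per line, and that the file paths and the `fix_status_conf` / `zeek_container_running` function names are this example's own. The edit is idempotent, so running it twice removes nothing the second time.

```shell
#!/bin/sh
# Added example (not Security Onion code): drop so-zeek from an
# so-status.conf-style file only when the metadata engine is Suricata,
# and optionally confirm the so-zeek container is no longer running.

# Print the configured metadata engine, upper-cased, from a pillar-style
# YAML file containing a line such as "  mdengine: SURICATA" (assumed layout).
get_mdengine() {
  awk -F': *' '$1 ~ /^[[:space:]]*mdengine$/ { print toupper($2); exit }' "$1"
}

# Remove every line that is exactly "so-zeek" from the status file.
# Prints the number of lines removed (0 when already clean); safe to rerun.
remove_so_zeek() {
  conf="$1"
  before=$(grep -c -x 'so-zeek' "$conf" || true)
  if [ "$before" -gt 0 ]; then
    tmp="$conf.tmp.$$"
    grep -v -x 'so-zeek' "$conf" > "$tmp"
    mv "$tmp" "$conf"
  fi
  echo "$before"
}

# Apply the workaround: only when the engine is SURICATA is so-zeek removed.
# Prints the number of lines removed so the caller can see what changed.
fix_status_conf() {
  pillar="$1"
  conf="$2"
  engine=$(get_mdengine "$pillar")
  if [ "$engine" = "SURICATA" ]; then
    remove_so_zeek "$conf"
  else
    echo 0
  fi
}

# Exit 0 if a container named so-zeek is still running, 1 if not,
# 2 if docker is not available (so the check is skipped, not silently passed).
zeek_container_running() {
  command -v docker >/dev/null 2>&1 || { echo "docker not available" >&2; return 2; }
  docker ps --filter name=so-zeek --format '{{.Names}}' | grep -q -x 'so-zeek'
}

# Example invocation on a real sensor (paths assumed from a 2.3 layout):
#   fix_status_conf /opt/so/saltstack/local/pillar/global.sls /opt/so/conf/so-status/so-status.conf
#   zeek_container_running && echo "so-zeek still running; stop it before restarting so-status"
```

If `zeek_container_running` reports the container is still up after the file edit, stop it before restarting so-status, otherwise the status display and the running containers will disagree in the other direction.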

TOoSmOotH commented 1 year ago

Fixed in 2.4