I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far are storage on the sensor nodes and internal networking. Networking problem: Security Onion uses Docker to create and manage different aspects of itself. Below is a good image of the different containers … Continue reading Initial Security Onion Problems
Demisto Playbooks
I have been doing a lot of work on playbook design and automation recently, and stumbled upon some really great work by Demisto, a security automation platform. I haven't been able to experiment with the product, so I can't say how good I feel it is. The playbook blog they run, though, is very helpful! For … Continue reading Demisto Playbooks