Onion Chopper
roaldi · Code and Eng · DK30 Fall 2020
Description
Security Onion (a network security monitoring suite) is bloated, overly reliant on behind-the-scenes Docker containers, and not agile enough for my liking. So I will be taking the time to create my own sensor appliance that better suits my data flow, from the network interface to a Splunk index endpoint. https://github.com/roaldi/onion_chopper
Recent Updates
Woooo, Logstash is pulled and the installer works. Now I need to go back to working on bringing rules into Snort and setting up packet capture.
Well, Snort 3 installs just fine; on to Zeek. Should be simple though, not nearly as many depends or other stuff I can break.
Estimated Timeframe
Oct 21st - Nov 21st
Week 1 Goal
Build the base parts, and put everything into an install script that will pull source, compile, and install all of the required modules.
Week 2 Goal
Get all the modules to start talking to each other successfully, and set up to manually configure each module.
Week 3 Goal
Build configuration scripts that are run post-install, to make it more accessible to other users.
Week 4 Goal
Test, test, test. The goal is to be comfortable at 1 GbE line rate, with plenty of leeway for 10 GbE (which I am unable to test, due to lab restrictions).