Doug Burks also does a boatload of training on it. Most of it is available online for a reasonable fee. I got turned onto it at Derbycon a few years ago by Doug; he is a great guy. Very easy to work with.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joey Smith
Sent: Saturday, January 9, 2016 7:27 PM
To: [email protected]
Subject: RE: [NTSysADM] Source of DNS queries

On Fri, 8 Jan 2016, Kennedy, Jim wrote:

> Another option. Port mirror your DNS server and spin up
> SecurityOnion. That is what I am using….port mirroring all my
> to/from server traffic to it. That will get you basic IDS, or you can
> use the Bro logs.

I definitely like Security Onion. It's a beast to learn, but it does get all the tools installed or staged to use for a nice Open Source Network Monitoring System. I would recommend Standalone mode to start and get a copy of Richard Bejtlich's Practice of Network Security Monitoring. They're big fans of Security Onion and even hired the author of SO to work for them. Good stuff!
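The "use the Bro logs" suggestion above, as an added example that is not part of this thread: a small Python script that reads Bro's tab-separated dns.log, takes the column names from its `#fields` header rather than assuming a fixed layout, and counts queries per source host so the client behind a burst of DNS lookups can be identified. The log lines below are constructed sample data, and the column subset shown is an assumption (a real dns.log carries more fields, which the parser handles the same way).

```python
"""Summarise which hosts are issuing DNS queries, from a Bro dns.log."""
from collections import Counter, defaultdict

# Constructed sample in Bro's tab-separated log layout: '#' lines are
# metadata, '#fields' names the columns, and '-' marks an unset field.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#path\tdns",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
    "\tproto\ttrans_id\tquery\tqtype_name\trcode_name",
    "#types\ttime\tstring\taddr\tport\taddr\tport"
    "\tenum\tcount\tstring\tstring\tstring",
    "1452300000.1\tC1\t10.0.0.5\t51000\t10.0.0.2\t53\tudp\t1\twww.example.com\tA\tNOERROR",
    "1452300001.2\tC2\t10.0.0.5\t51001\t10.0.0.2\t53\tudp\t2\tmail.example.com\tA\tNOERROR",
    "1452300002.3\tC3\t10.0.0.7\t51002\t10.0.0.2\t53\tudp\t3\twww.example.com\tA\tNOERROR",
    "1452300003.4\tC4\t10.0.0.9\t51003\t10.0.0.2\t53\tudp\t4\t-\t-\t-",
    "#close\t2016-01-09-19-27-00",
])


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names follow the tag
            continue
        if line.startswith("#") or not line.strip():
            continue                            # other metadata / blank lines
        if fields is None:
            raise ValueError("record appears before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        yield dict(zip(fields, values))


def summarise_dns_sources(text, top=10):
    """Return (queries per client, top query names per client)."""
    per_client = Counter()
    names = defaultdict(Counter)
    for rec in parse_bro_log(text):
        client = rec["id.orig_h"]               # the host that sent the query
        per_client[client] += 1
        if rec["query"] != "-":                 # skip records with no name
            names[client][rec["query"]] += 1
    return per_client.most_common(top), {c: n.most_common(top) for c, n in names.items()}


if __name__ == "__main__":
    clients, names_by_client = summarise_dns_sources(SAMPLE_DNS_LOG)
    for client, count in clients:
        print(client, count, names_by_client.get(client, []))
```

On a Security Onion sensor the same function can be pointed at the real dns.log contents instead of the sample string; the per-client counts are what you would rank to find a noisy or unexpected source.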
