tools:network_tools

tools:network_tools [2025/08/29 11:22] aperez
tools:network_tools [2025/08/29 12:05] (current) aperez
Line 1026: Line 1026:
 ---- ----
  
 +====== Security Onion Solutions (SOS) Overview ======
  
 +**Security Onion Solutions (SOS)** is a free and open platform for network security monitoring, intrusion detection, and log management.  
 +It is widely used to build Security Operations Centers (SOC) and provides integrated tools for monitoring, hunting, and incident response.  
 +Official website: [[https://securityonionsolutions.com|securityonionsolutions.com]]
 +
 +===== Key Features =====
 +
 +  * **Alerts** – Correlate events from IDS/IPS engines (e.g., Suricata, Snort).
 +  * **Hunt** – Threat hunting interface to query and analyze logs and events.
 +  * **Detections** – Rules-based and anomaly-based detection.
 +  * **PCAP** – Packet capture and full session reconstruction.
 +    * Pull packet captures from network events and analyze them using SOC interface, CyberChef, or external tools (e.g., Wireshark).
 +  * **Cases** – Integrated case management for incident response.
 +  * **Dashboards** – Visualization of alerts, logs, and KPIs.
 +  * **Analyzers** – Built-in and external tools to parse and analyze captured data.
 +
 +===== Data Types =====
 +  * **Agent** – Endpoint agents to collect telemetry.
 +  * **Alert** – Event-based alerts from detection engines.
 +  * **Asset** – Network and host assets tracked within the SOC.
 +
 +===== Integrated Tools =====
 +  * Suricata IDS/IPS
 +  * Zeek network security monitor
 +  * Wazuh for host monitoring
 +  * TheHive case management
 +  * Kibana dashboards
 +  * CyberChef for data parsing and decoding
 +
 +===== Benefits =====
 +  * Free and open-source (with professional support available).
 +  * All-in-one SOC in a box (network + host + log analysis).
 +  * Scalable: from single node deployments to enterprise SOC clusters.
 +  * Strong community support and active development.
 +
 +===== Useful Links =====
 +  * [[https://securityonionsolutions.com/software/features|SOS Features]]
 +  * [[https://securityonionsolutions.com/training|Training & Certification]]
 +  * [[https://securityonionsolutions.com/support|Support & Community]]
 +  * [[https://github.com/Security-Onion-Solutions|GitHub Repository]]
 +
 +
 +
 +
 +
 +{{ :tools:sos_linux.png?400 |}}
 +{{ :tools:sos_linux2.png?400 |}}
 +{{ :tools:sos_linux3.png?400 |}}
 +
 +----
 +
 +
 +====== Prometheus Overview ======
 +
 +**Prometheus** is an open-source monitoring and alerting toolkit designed for reliability and scalability.  
 +It collects, stores, and queries time-series data, and is widely used to monitor applications, systems, and services.  
 +Official website: [[https://prometheus.io|prometheus.io]]
 +
 +===== Key Features =====
 +
 +  * **Dimensional Data Model**  
 +    * Time series are identified by a metric name and key-value pairs (labels).
 +    * Provides flexibility to organize and query metrics.
 +
 +  * **Powerful Queries**  
 +    * PromQL (Prometheus Query Language) allows filtering, aggregation, and correlation of time-series data.
 +    * Enables advanced dashboards, visualizations, and alerting.
 +
 +  * **Precise Alerting**  
 +    * Rules are defined in PromQL.  
 +    * Alerts leverage the dimensional model for flexible conditions.  
 +    * Integrated with Alertmanager for routing, notifications, and silencing.
 +
 +  * **Simple Operation**  
 +    * Independent server, relies only on local storage.  
 +    * Written in Go, distributed as single static binaries.  
 +    * Easy to deploy in diverse environments.
 +
 +  * **Instrumentation Libraries**  
 +    * Wide set of official and community libraries.  
 +    * Covers most major languages (Go, Java, Python, Ruby, etc.).  
 +    * Allows developers to expose custom metrics.
 +
 +  * **Ubiquitous Integrations**  
 +    * Hundreds of exporters and integrations available.  
 +    * Common use: Node Exporter, cAdvisor, Blackbox Exporter, etc.  
 +    * Easy to extract metrics from existing systems.
 +
 +===== Typical Use Cases =====
 +  * Monitoring microservices and containerized applications (Kubernetes, Docker).
 +  * Collecting system-level metrics (CPU, memory, disk, network).
 +  * Application-specific instrumentation (business logic, API metrics).
 +  * Centralized alerting with Alertmanager.
 +  * Integration with Grafana for visualization.
 +
 +===== Benefits =====
 +  * Open source and widely adopted in the industry.
 +  * Strong ecosystem (exporters, integrations, community).
 +  * Highly flexible query model and alerting system.
 +  * Scales from single servers to large distributed clusters.
 +
 +===== Useful Links =====
 +  * [[https://prometheus.io/docs|Documentation]]
 +  * [[https://prometheus.io/download|Download]]
 +  * [[https://prometheus.io/community|Community]]
 +  * [[https://prometheus.io/blog|Blog]]
 +
 +
 +{{ :tools:graficar_linux1.png?400 |}}
 +
 +
 +----
  
  
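Review bot: "SOC" is used in two different senses in the Security Onion section of this hunk: the introduction expands it as "Security Operations Centers", but the PCAP bullet then says captures are analyzed "using SOC interface", where SOC names the product's own web interface rather than a team; spell out the second meaning once where it first appears so the PCAP and Dashboards bullets read unambiguously. The same section lists "**Cases** – Integrated case management" under Key Features and "TheHive case management" under Integrated Tools without saying how the two relate; stating which Security Onion version is being described (the section gives none) would resolve this, and the same version note would help the Prometheus section too. Minor: the run of empty lines before the three `{{ :tools:sos_linux*.png }}` embeds and the trailing double blank before `----` can be trimmed, and the screenshot embeds would benefit from a caption or a one-line sentence saying what each shows.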
tools/network_tools.1756484521.txt.gz · Last modified: 2025/08/29 11:22 by aperez
