The purpose of this project is to determine whether a free, open-source program can function in the role of a Security Operations Center for a Fortune 500 company. The program must analyze a network, or multiple networks, for a variety of threats, and it must display the resulting alerts on a centralized server.

Security Onion is the program currently being examined for this project. It meets the necessary requirements while also being a free, open-source solution. The interfaces included in Security Onion can display alerts in real time. Security Onion has been tested on VLANs and is able to collect data from multiple networks. Security Onion's Elsa program provides web-based dashboards that visually present alerts and other types of information that have been collected.

Project Student: Michael Thomas
