Shubham Mittal (Security Consultant)
Areas of interest:
Mobile Security, OSINT and network monitoring.
Sudhanshu Chauhan (Security Consultant)
Areas of interest:
OSINT, Social Network Analysis and Competitive
Security Onion is a Linux distro for intrusion detection,
network security monitoring, and log management.
It's based on Ubuntu and contains Snort, Suricata, Bro,
OSSEC, Sguil, Squert, Snorby, ELSA, Xplico,
NetworkMiner, and many other security tools.
• Full packet capture
• Network-based and Host-based intrusion detection
• Analysis tools
Intrusion Detection System (IDS)
A device or software application that monitors network or
system activities for malicious activities or policy
violations and produces reports to a management
Network Security Monitoring
Monitoring your network for security-related events.
It might be proactive, when used to identify vulnerabilities
or expiring SSL certificates, or it might be reactive, such
as in incident response and network forensics.
NSM provides context, intelligence and situational
awareness of your network
To collect all logs, software activity, user events, and
Ruby On Rails Application For Network Security
Integrates with intrusion detection systems like Snort,
Suricata and Sagan.
Squert is a web application that is used to query and view
event data stored in a Sguil database (typically IDS alert
It attempts to provide additional context to events through
the use of metadata, time series representations and
weighted and logically grouped result sets.
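Worked example of the grouping Squert performs on IDS events, added here and not code from Security Onion or Squert. It parses constructed Snort/Suricata "fast" alert lines (addresses from documentation ranges, SIDs in the 1000000+ local-rule range, all made up), collapses them into one row per signature with a count and an assumed severity weight, and buckets them per minute for a time-series view. The weight formula count * (4 - priority) is an assumption for illustration, not Squert's scoring.

```python
"""Grouping IDS alerts the way an analyst console does.

Added example, not Security Onion / Squert code. Parses constructed lines in the
Snort/Suricata "fast" alert format, then groups them by signature and buckets
them per minute. SIDs use the 1000000+ local-rule range and are made up.
"""
import re
from collections import Counter

# Constructed sample alerts (RFC 5737 addresses, made-up SIDs); one junk line to show skipping.
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22
01/15-10:23:47.000001  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.0.2.10:22
01/15-10:24:02.500000  [**] [1:1000002:1] LOCAL Policy violation: cleartext FTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {TCP} 192.0.2.55:40000 -> 198.51.100.3:21
01/15-10:24:10.000000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51250 -> 192.0.2.10:22
this line is not an alert and must be skipped
"""

# Fast-format layout: timestamp, [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {proto} src -> dst
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def parse_fast_alert(line):
    """Return a dict of fields for one fast-format line, or None if it does not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"] = int(d["sid"])
    d["priority"] = int(d.pop("prio"))
    return d


def parse_alerts(text):
    """Parse every line, dropping non-alert lines (mixed log files are normal)."""
    return [a for a in map(parse_fast_alert, text.splitlines()) if a]


def group_by_signature(alerts):
    """One row per signature: count, distinct source hosts and an assumed weight.

    Weight = count * (4 - priority), so Snort Priority 1 (most severe) counts most.
    This scoring is an assumption for the example, not Squert's own.
    """
    groups = {}
    for a in alerts:
        g = groups.setdefault(a["sid"], {"msg": a["msg"], "priority": a["priority"],
                                         "count": 0, "sources": set()})
        g["count"] += 1
        g["sources"].add(a["src"].rsplit(":", 1)[0])  # strip the port
    for g in groups.values():
        g["weight"] = g["count"] * (4 - g["priority"])
    return groups


def bucket_by_minute(alerts):
    """Time-series view: alerts per minute, keyed by 'MM/DD-HH:MM'."""
    return Counter(a["ts"][:-3] for a in alerts)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for sid, g in sorted(group_by_signature(alerts).items(), key=lambda kv: -kv[1]["weight"]):
        print(f"sid {sid} prio {g['priority']} x{g['count']} weight {g['weight']}: {g['msg']}")
    for minute, n in sorted(bucket_by_minute(alerts).items()):
        print(f"{minute}  {n} alert(s)")
```

Sorting the grouped rows by weight puts the repeated Priority 1 signature at the top, which is the point of weighted grouping: three near-identical brute-force alerts become one row an analyst reads once, instead of three rows that bury the single policy violation.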
Sguil is a Network Security Monitoring tool (not browser
Its main component is an intuitive GUI that provides
access to realtime events, session data, and raw packet
ELSA (Enterprise Log search and
ELSA is a centralized syslog framework built on Syslog-
NG, MySQL, and Sphinx full-text search.
It provides a fully asynchronous web-based query
interface that normalizes logs and makes searching
billions of them for arbitrary strings as easy as searching
Open Source Host-based Intrusion Detection System that
performs log analysis, file integrity checking, policy
monitoring, rootkit detection, real-time alerting and active
Bro is a Network analysis framework.
It provides a comprehensive platform for more general
network traffic analysis.
• Standalone: A single physical or virtual machine running
both the server and sensor components and related
• Server-sensor: A single machine running the server
component with one or more separate machines
running the sensor component and reporting back to the
• Hybrid: A hybrid installation consists of a standalone
installation that also has one or more separate sensors
reporting back to the server component of it.