Re: [External] [SECURITY] Security Onion - Hardware Recommendations

[Jason Rinne <000001eec16a232b-dmarc-request () LISTSERV EDUCAUSE EDU>]

Hi Kevin, I knew there would be a lot of questions but I didn't know where
to start to get the ball rolling.
-I would say 1-2 users logged in and searching.
-I would like to run suricata + zeek with this deployment but I don't know
about full pcap. I doubt I have the budget for storing full pcap.



*Jason Rinne*

*Systems Administrator*

500 E College Street | Marshall, MO 65340

P| 660.831.4088

rinnej () moval edu | www.moval.edu
<http://www.google.com/url?q=http%3A%2F%2Fwww.moval.edu%2F&sa=D&sntz=1&usg=AFQjCNGKt2IG1bGuzs-09SwzY5L1h8waMQ>

[image: www.moval.edu] <http://www.moval.edu>


On Thu, Feb 11, 2021 at 8:07 AM Kevin Wilcox <wilcoxkm () appstate edu> wrote:

> Hi, Jason!
>
> What volume of data do you plan to pull in, how many users logged in and
> searching, are you running suricata + zeek, are you storing full pcap,
> there are lots of questions before any recommendations can be made =)
>
> kmw
>
> On Thu, Feb 11, 2021 at 8:50 AM Jason Rinne <
> 000001eec16a232b-dmarc-request () listserv educause edu> wrote:
>
> > Does anyone have Security Onion running in their environment that would
> > be willing to share your hardware specs?
> > I had an older version of SO running before but only in a stand alone
> > setup. I want to jump back in with the new version and need advice on
> > hardware and deployment strategy.
> >
> >
> >
> > *Jason Rinne*
> >
> > *Systems Administrator*
> >
> > 500 E College Street | Marshall, MO 65340
> >
> > P| 660.831.4088
> >
> > rinnej () moval edu | www.moval.edu
> > <http://www.google.com/url?q=http%3A%2F%2Fwww.moval.edu%2F&sa=D&sntz=1&usg=AFQjCNGKt2IG1bGuzs-09SwzY5L1h8waMQ>
> >
> > [image: www.moval.edu] <http://www.moval.edu>
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community