Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Industrial Cybersecurity

You're reading from   Industrial Cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment

Arrow left icon
Product type Paperback
Published in Oct 2021
Publisher Packt
ISBN-13 9781800202092
Length 800 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Pascal Ackerman Pascal Ackerman
Author Profile Icon Pascal Ackerman
Pascal Ackerman
Arrow right icon
View More author details
Toc

Table of Contents (26) Chapters Close

Preface 1. Section 1: ICS Cybersecurity Fundamentals
2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER 3. Chapter 2: A Modern Look at the Industrial Control System Architecture 4. Chapter 3: The Industrial Demilitarized Zone 5. Chapter 4: Designing the ICS Architecture with Security in Mind 6. Section 2:Industrial Cybersecurity – Security Monitoring
7. Chapter 5: Introduction to Security Monitoring 8. Chapter 6: Passive Security Monitoring 9. Chapter 7: Active Security Monitoring 10. Chapter 8: Industrial Threat Intelligence 11. Chapter 9: Visualizing, Correlating, and Alerting 12. Section 3:Industrial Cybersecurity – Threat Hunting
13. Chapter 10: Threat Hunting 14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing 15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications 16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections 17. Section 4:Industrial Cybersecurity – Security Assessments and Intel
18. Chapter 14: Different Types of Cybersecurity Assessments 19. Chapter 15: Industrial Control System Risk Assessments
20. Chapter 16: Red Team/Blue Team Exercises 21. Chapter 17: Penetration Testing ICS Environments 22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment
23. Chapter 18: Incident Response for the ICS Environment 24. Chapter 19: Lab Setup 25. Other Books You May Enjoy

Exercise 4 – Sending SilentDefense alerts to Security Onion syslog

This chapter is all about getting a handle on information, making it so that we see the most relevant information first, conveniently and decisively. What is more decisive than an alert from our OT IDS (SilentDefense), alerting us that someone or something is causing issues? At this moment, those alerts are only generated in the SilentDefense Command Center portal and displayed in there. We want to transport those alerts to Security Onion so that we can add them to the Elasticsearch database, allowing us to include the alert data, and other interesting data collected by SilentDefense, in our correlation efforts and searches.

Follow these instructions to get SilentDefense alerts and network logs sent over to the syslog service of the Security Onion VM:

  1. The first thing we need to do is to allow syslog access to Security Onion from the SilentDefense Command Center server (172.25.100.240). SSH into the...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image