The Sandbox Systems in this lab are intended for use in Penn State's SRA 221 course.

This lab introduces students to the Security Onion Security Information and Event Management (SIEM) system. It is a widely used SIEM that integrates multiple tools into one platform. The tools include log analysis tools such as Elasticsearch, Logstash, and Kibana; intrusion detection systems such as Suricata, Zeek, and Snort; and threat detection systems such as Wazuh.
Students will learn to configure Security Onion and to use Sguil, a graphical analyst console; Squert, a web application used to query and view event data stored in a Sguil database; and Kibana, the data visualization and exploration user interface for the Elasticsearch log analysis system.

This lab will introduce students to the Linux Network Security Toolkit (NST), a suite of open-source tools for network traffic analysis, intrusion detection, and packet generation. NST targets security professionals and network administrators, offering tools primarily drawn from the "Top 125 Security Tools" list by INSECURE.ORG.
NST's key feature is a Web User Interface (WUI) for management. The WUI provides a graphical interface for configuring the tools in NST without requiring extensive command-line expertise. In this lab, students will use the NST WUI to configure Snort, a network intrusion detection system.
