Which tool is a Security Onion integrated host-based intrusion detection system?
Explanation: OSSEC is a host-based intrusion detection system (HIDS) that is integrated into Security Onion and actively monitors host system operation.
Which NIDS tool uses a signature-based approach and native multithreading for alert detection?
Explanation: Suricata is a NIDS tool that uses a signature-based approach. It also uses native multithreading, which allows the distribution of packet stream processing across multiple processor cores.
Which tool included in Security Onion is an interactive dashboard interface to Elasticsearch data?
Explanation: Kibana is an interactive dashboard interface to Elasticsearch data. It allows querying of NSM data and provides flexible visualizations of that data. It provides data exploration and machine learning…
Which tool is included with Security Onion that is used by Snort to automatically download new rules?
Explanation: PulledPork is a rule management utility included with Security Onion to automatically download rules for Snort.
What is the host-based intrusion detection tool that is integrated into Security Onion?
Explanation: Integrated into the Security Onion, OSSEC is a host-based intrusion detection system (HIDS) that can conduct file integrity monitoring, local log monitoring, system process monitoring, and rootkit detection.
True or False? A benign event should trigger an alert.
Explanation: A benign event should not trigger an alert.
Which type of alert is it when an alert is received, and an exploit has been verified?
Options: true positive, true negative, false positive, false negative
Explanation: A true positive occurs when an alert is received and analysts verify that an actual exploit or incident has occurred. This is the outcome the detection system is meant to produce.
Which type of alert has occurred when nothing is reported, however an exploit has occurred?
Explanation: A false negative occurs when no alert is generated, but an exploit or incident has actually occurred. False negatives are the most dangerous outcome because the attack goes undetected.
Which type of alert has happened when an alert is received, but no incident has occurred?
Explanation: A false positive occurs when an alert is received, but no incident has actually occurred. Benign traffic or activity was misclassified as malicious; excessive false positives waste analyst time and should be reduced by tuning rules.
Which type of alert would have no incident reported and no incident has occurred?
Explanation: A true negative occurs when no alert is generated and no incident has occurred. Benign activity was correctly ignored by the detection system.
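The four outcomes above form the confusion matrix an analyst uses when tuning NIDS or HIDS rules. The following Python block is an added example, not part of the original quiz or of Security Onion: it classifies each monitored event by whether the sensor alerted and whether an analyst verified an exploit, tallies the four categories, and derives precision, recall and false-positive rate. The events list is constructed sample data, and the `Event` class and function names are assumptions chosen for this illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One monitored event (constructed example record, not a real sensor schema).

    alerted          - the NIDS/HIDS raised an alert for this event
    exploit_verified - an analyst confirmed that a real exploit/incident occurred
    """
    event_id: str
    alerted: bool
    exploit_verified: bool


def classify(alerted: bool, exploit_verified: bool) -> str:
    """Map (alert raised?, incident real?) onto the four alert outcomes."""
    if alerted and exploit_verified:
        return "true positive"      # alert received, exploit verified
    if alerted and not exploit_verified:
        return "false positive"     # alert received, no incident occurred
    if not alerted and exploit_verified:
        return "false negative"     # nothing reported, exploit occurred
    return "true negative"          # nothing reported, nothing occurred


def tally(events):
    """Count how many events fall into each of the four outcomes."""
    return Counter(classify(e.alerted, e.exploit_verified) for e in events)


def metrics(counts):
    """Derive tuning metrics from the outcome counts (Counter defaults to 0)."""
    tp = counts["true positive"]
    fp = counts["false positive"]
    fn = counts["false negative"]
    tn = counts["true negative"]
    # Guard each ratio so an empty category does not raise ZeroDivisionError.
    precision = tp / (tp + fp) if tp + fp else 0.0  # share of alerts that were real
    recall = tp / (tp + fn) if tp + fn else 0.0     # share of real incidents caught
    fpr = fp / (fp + tn) if fp + tn else 0.0        # share of benign events that alerted
    return {"precision": precision, "recall": recall, "false_positive_rate": fpr}


# Constructed sample: ten triaged events from a fictional shift.
SAMPLE_EVENTS = [
    Event("e01", alerted=True, exploit_verified=True),    # true positive
    Event("e02", alerted=True, exploit_verified=True),    # true positive
    Event("e03", alerted=True, exploit_verified=True),    # true positive
    Event("e04", alerted=True, exploit_verified=False),   # false positive
    Event("e05", alerted=True, exploit_verified=False),   # false positive
    Event("e06", alerted=False, exploit_verified=True),   # false negative (missed)
    Event("e07", alerted=False, exploit_verified=False),  # true negative
    Event("e08", alerted=False, exploit_verified=False),  # true negative
    Event("e09", alerted=False, exploit_verified=False),  # true negative
    Event("e10", alerted=False, exploit_verified=False),  # true negative
]


def summarize(events=SAMPLE_EVENTS):
    """Return outcome counts and metrics for a batch of triaged events."""
    counts = tally(events)
    return dict(counts), metrics(counts)


if __name__ == "__main__":
    counts, m = summarize()
    for outcome in ("true positive", "false positive", "false negative", "true negative"):
        print(f"{outcome:15s}: {counts.get(outcome, 0)}")
    for name, value in m.items():
        print(f"{name:20s}: {value:.2f}")
```

Recall exposes the false negatives (missed exploits) that the quiz calls out as the dangerous case, while the false-positive rate measures how often benign events trigger alerts; tuning a rule usually trades one against the other, so both should be tracked before and after a change.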