SNORT (IDS/IPS)
Scope Of Work:
Established a virtualized environment using VirtualBox (Oracle's Type-2 Hypervisor), configuring two Virtual Machines: one running Ubuntu as the target and the other running Kali Linux to generate network traffic. Successfully executed an NMAP command aimed at the Honeypot, resulting in SNORT (IDS/IPS) promptly detecting and triggering the rule, accompanied by a relevant alert message.
Tools:
Oracle VM VirtualBox
OS1: Kali Linux
OS2: Ubuntu
NMAP
SNORT (IDS/IPS)
SNORPY (Snort Rule Creator)
Lessons Learned:
Log Analytics
Virtualization (Honeypot)
Intrusion Detection System (IDS)
Network Scanning
Challenges:
The main hiccup I faced was getting Snort set up, but once that hurdle was cleared, it was smooth sailing. Just had the two devices communicate and capture the traffic.