Cyber Security and Technology (Essay Sample)

Cyber Security
Name
Course
Institution
Cyber Security
With the current rapid advancement in technology, cyber security is becoming a significant challenge. Security onion is an open-source and free Linux distribution for log management, enterprise security control, and threat hunting. Some of the onion security components discussed in this paper includes Squert, Wireshark, Kibana, and Sguil.
Squert is a Squid's add-on web interface. This tool adds extensions to the Squil visualizations, including a logical grouping of data and time series representations. It is utilized to view and query event data stored in the database of Sguil (majorly alert data related to IDS). Being a visual tool, Squert tries to offer extra context to events via the use of logically grouped and weighted results set, time series representations, and metadata. The analyst console possessed by Squert complements with Sguil. Besides, the information related to the context of a group of events, as well as alerts, is imported by Squert and develops a timeline to follow each aspect of these components. Squert does not show the Sguil database, but instead, it indicates various perspectives of data in it. Squert can also work with Capme.
Sguil, whose pronunciation is sgweel, is created by the network security analysts to provide solutions to the problems related to network security. The primary component of Sguil is an intuitive GUI that offers access to raw packet captures, session information, and concurrent events (Chapman, 2016). This security tool facilitates the practice of event-driven examination and network security control. tcl/tk is the form in which the Sguil is written, and it can function in any operating system which supports tcl/tk. Some of the operating systems that Sguil can be run on include Win32, MacOS, Solaris, BSD, and Linux. This tool ensures that the captured data is visible. The data from Wazuh, Suricata, and Snort is pulled together by GUI. The context of an alert provided by Sguil gives more details to the network security analysts. Besides, it contains collaborative features that make it easy to understand. It also includes integrated tools such as Wireshark, Network Miner, and CapMe. These are the software that works with Sguil.
Kibana is Elasticsearch's open-source data visualization console. This tool offers visualization abilities on the content that is indexed on the clusters of Elasticsearch. Kibana can enable one to create maps and pie charts, bar graphs, and scattered plots on top of the massive volume of data. Besides, this security tool offers a presentation tool known as Canvas, which enables the people using it to develop slide decks that source live data from Elasticsearch directly. The combination of Kibana, Logstash, and Elasticsearch to form "Elastic Stack" is available to the users in the form of service or product. The input stream is offered to Elasticsearch by Logstash for search and storage. From this, Kibana can obtain visualization data from Elasticsearch's dashboard.On the other hand, Elastic "Beats" packages that can be easily configured to give pre-made Kibana dashboards and visualizations related to different application technologies and database (Garrett, 2018). This security tool is easy to understand. Like Elasticsearch, Kibana is also powerful and flexible. Kiban is written in JavaScript. REST API can be utilized to provide certain Kibana features. It is appropriate for automating specific features of developing and deploying Kibana or for creating integration with it. Every API is experimental, as it involves breaking changes in various Kibana versions. 
Wireshark is a security tool that captures data and "understands" the encapsulation (structure) of diverse internet protocols. As specified by various internet protocols, Wireshark can display and parse the fields together with their meanings. To capture packets, Wireshark utilizes pcap. Thus, it can only reflect packets on the network kinds supported by pcap. In this tool, the information "from the wire" can be captured from an internet connection that is active or us