12
Saw a massive difference in my login alerts after just 3 days of running a SIEM
I set up a free Security Onion instance on an old Dell OptiPlex in my basement last Tuesday. Before that, I had no idea how many bots were hitting my home server from random IPs in China and Brazil. After 72 hours, I counted over 2000 failed SSH attempts that my router firewall was just silently letting through. Has anyone else been shocked by what they found after setting up basic monitoring at home?
2 comments
Log in to join the discussion
Log In2 Comments
kai8076d ago
Gotta disagree a bit here. Those 2000 failed SSH attempts are mostly just automated scanners looking for vulnerable servers, and your router firewall was doing its job by not responding to them. A SIEM showing you those alerts doesn't necessarily make your network safer, it just gives you a dashboard to feel worried about. Before Security Onion you probably had zero incidents, and now you have 2000 "threats" that are basically background noise of the internet. Most home users get way more paranoid after setting up monitoring because they can't tell the difference between a real attack and a bot scanning the whole IPv4 range.
9
davis.mia6d ago
But @kai807, isn't all that background noise still exposing your system to potential zero-days and misconfigurations you don't even know about?
1