Top products from r/securityonion
We found 1 product mention on r/securityonion. We ranked the 1 resulting product by number of redditors who mentioned them. Here are the top 20.
The big thing here is that installing SO in a VM on a production host wouldn't really be considered air-gapped. For that to be the case, you'd need to do it on a separate physical host.
If you're just replaying PCAP traffic over an interface then you probably don't need much isolation and can just use a private interface for your sniffing interface. If you're going to be performing malware analysis of live files, you'll want to take quite a few more precautions. I'd recommend this book which covers this in detail: https://smile.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631/