OPNids is installed... what do I do now?

Hello,

Is anyone here?

I’ve installed OPNids on a machine with multiple NICs and I can get to the management interface… but I don’t know what to do with the system now. Am I supposed to set up a port mirror on a switch to funnel traffic in? I was expecting to put this ‘inline’ in the network but I don’t see a way to have all traffic sent through. Have I missed something obvious in the Docs?

Looking forward to getting this system working!

Hello there,

Thank you for your interest in OPNids and for evaluating it. It is constantly being updated with features and fixes. We’ll be releasing our beta version of the software in the next few weeks.

To answer some of your questions:

It will currently not support inline mode. You’ll need to set up a SPAN or TAP to feed data to it.
There are essentially 2 components within OPNids which you might be interested in using:
Suricata engine (for IDS functionality; you’ll need to get and upload rules to make it work)
MLE (Machine Learning Engine to host and run your models on the data stream)

The output of both of these will be in their respective logs. You are currently testing the Alpha version, so there will certainly be some kinks that need to be hammered out. There should be quite a few fixes in the upcoming beta version.

I hope this information helps!

Cheers!

Thanks Ash!

I’m not afraid of a few alpha bugs; I’m happy to get in early and do what I can to test. I’m much stronger on the sysadmin side than netadmin, but I’ll see what I can turn up related to a SPAN or TAP. Presumably that’s something I would provision on a switch?

Hi,

I’m thinking of trying OPNids in parallel to OPNsense. If I understand the architecture with SPAN/TAP, it means that you just have to use one NIC, as this is a “sniffer”? Of course, the port it hangs on must have access to all available networks (including WAN)?

Having 2 boxes in parallel for IDS and proxy would make sense for me, as I have 2 PC Engines boards lying around. This could only be a small boost for my network…?