Can Security Onion in the Cloud Collect and Separate Logs by Branch?

[SankaGamage]

Hi All,,

These days, I’m researching if Security Onion can help me with the following setup:

• Requirement:

1. I want to deploy Security Onion in the cloud.
2. Send logs from multiple branch offices to this central server.
3. Keep the logs for each branch separate (saved in different locations or indexes).
4. Monitor everything in a single dashboard but with the ability to view logs for each branch separately.

• My Questions:

1. Is this possible with Security Onion?
2. If yes, what’s the simplest way to set this up?
3. How can I secure log transfer and make sure the logs from each branch don’t mix?

Thanks for your help and guidance!

[InfosecGoon]

The simplest answer here would be to deploy a ManagerSearch node in the cloud, and then Heavy nodes at each branch. That way, the logs will remain local at the branch but be searchable from a central location.

I'm assuming that by "logs" you mean network traffic logs generated by the branches?

[SankaGamage]

The simplest answer here would be to deploy a ManagerSearch node in the cloud, and then Heavy nodes at each branch. That way, the logs will remain local at the branch but be searchable from a central location.

I'm assuming that by "logs" you mean network traffic logs generated by the branches?

"Heavy nodes are NOT recommended for most users due to performance reasons, and should only be used for testing purposes or in low-throughput environments." - SecOnion Documentation

?