Hello Team,
First of all, I would like to thank you for your efforts in this amazing project. The resulting product is superb.
It would be greatly appreciated, as I have been trying to find a solution, for the possibility to integrate port mirroring capability within IPFire, perhaps like netsniff-ng. This is to feed internet traffic to a SIEM or NSM. If that ever becomes enabled, then a Wazuh add-on would be nice as well.
I was thinking... IPFire connects to a SIEM/NSM (e.g. Splunk, Security Onion, ...) via a dedicated VPN tunnel (e.g. OpenVPN) or an extra physical port. In order to feed internet traffic, port mirroring would be required (e.g. netsniff-ng), while Wazuh would be a nice touch for security monitoring of the IPFire box itself.
Internet <- IPFire -> VPN tunnel/physical port -> SIEM/NSM
Hope this becomes a reality. Thank you again, you awesome people.
Best regards,
Michelle