Simplest SecOnion Lab?

[BaguHanto]

I will be on the move for the next few months and I am attempting to setup a very simple lab.

I simply want to log and analyze some basic traffic in and out of my laptop. My thoughts are to setup a sec onion VM and wither import wireshark pcaps or use sec onions native tools to pcap.

Specs
Processor Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz 2.50 GHz
Installed RAM 16.0 GB (15.4 GB usable)
System type 64-bit operating system, x64-based processor
Storage 500gb

With my laptop only having 2 cores I figured I would run a script at night to visit some websites so it doesn't bog me down during the day while working.

I have read through some documentation and I have no clue which mode is best. Some say eval, some say import, etc. Also the network configuration is odd. I follow the setups and I keep getting "invalid credentials" when trying to access SOC.

My linux experience is pretty minimal and its safe to say I have very little idea what I am doing.

[Acewiza]

"My linux experience is pretty minimal and its safe to say I have very little idea what I am doing."

Under these circumstances, I'd recommend getting a new laptop for your workstation and use the old one to explore SO. Don't hesitate to just re-install after borking it multiple times. At least that way the learning curve impacts productivity less. ;-)

[Bagu-Hanto]

Buying another workstation is not an option at the moment.

[dougburks]

The simplest option would be to follow the steps at https://docs.securityonion.net/en/2.3/first-time-users.html to perform an IMPORT installation.

[BaguHanto]

Hey Doug! That was the first install that I did, but ended up running into issues trying to access SOC. I kept getting the invalid credentials message. I went through first timers guide 3 times with new VMs and I got denied logging into the SOC each time. I am wondering if it is a networking issue. I am traveling and my IP address changes often since I am hoping on different access points.

More then likely it is a simple issue I keep glossing over. I will try again today to see what happens.