Elastic Architecture
Below is the current proposed architecture of Security Onion on the Elastic Stack:
PLEASE NOTE: This is subject to change, and may not reflect the final version of Security Onion on the Elastic Stack.
Since work has begun migrating to the Elastic Stack, Security Onion has maintained a consistent approach to adding new components. These new components consist of Docker images based on CentOS 7:
Logstash - Parse and format logs.
Elasticsearch - Ingest and index logs.
Kibana - Visualize ingested log data.
Curator - Manage indices through scheduled maintenance.
ElastAlert - Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats - Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
