-
Notifications
You must be signed in to change notification settings - Fork 521
Elastic
Please note! We are migrating our documentation to https://securityonion.net/docs/. You can find the latest version of this page at: https://securityonion.net/docs/Elastic.
We've completed our initial integration of the Elastic Stack (Elasticsearch, Logstash, and Kibana)!
In addition, we've added the following:
Curator
DomainStats
ElastAlert
FreqServer
Each component has its own Docker image.
You can get an idea of what this whole integration might look like at a high-level by viewing our proposed architecture diagram.
General Availability:
https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
Release Candidate 4:
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release_28.html
Release Candidate 3:
https://blog.securityonion.net/2018/03/security-onion-elastic-stack-release.html
Release Candidate 2:
https://blog.securityonion.net/2018/02/security-onion-elastic-stack-release.html
Release Candidate 1:
https://blog.securityonion.net/2018/01/security-onion-elastic-stack-release.html
Beta 3 Release:
https://blog.securityonion.net/2017/12/security-onion-elastic-stack-beta-3.html
Beta 2 Release:
https://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
Beta Release:
https://blog.securityonion.net/2017/11/elastic-stack-beta-release-and-security.html
Alpha Release:
https://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
Technology Preview 3:
https://blog.securityonion.net/2017/07/towards-elastic-on-security-onion.html
Technology Preview 2:
https://blog.securityonion.net/2017/06/towards-elastic-on-security-onion.html
Technology Preview 1:
https://blog.securityonion.net/2017/03/towards-elk-on-security-onion.html
Doug Burks - State of the Onion
Please note the following MINIMUM requirements for the Elastic stack:
- 2 CPU cores
- 8GB RAM
The easiest way to try the new Elastic integration is using our 14.04.5.11 (or newer) ISO image: https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
Alternatively, if you have an existing TEST installation or if you want to install using an ISO image other than our 14.04.5.11 (or newer), you can install the securityonion-elastic
package and then run so-elastic-download
as follows:
sudo soup
sudo apt install securityonion-elastic
sudo so-elastic-download
If this is a fresh installation where you haven't run Setup yet, then you can run sosetup:
sudo sosetup
If you would like to install on your own preferred flavor of Ubuntu 14.04, you can follow steps 1-11 here:
https://github.com/Security-Onion-Solutions/security-onion/wiki/InstallingOnUbuntu
Then run:
sudo apt install securityonion-elastic
sudo so-elastic-download
sudo sosetup
For best results, we recommend performing a fresh installation, but if you really need to do an in-place upgrade from ELSA to Elastic, you can try the steps on the ELSA-to-Elastic page.
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs