This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Doug Burks edited this page Jan 26, 2018 · 24 revisions

We are currently working on integrating the Elastic stack!

Description

From https://www.elastic.co/products/kibana :

Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you're getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.

Configuration

  • Configuration files for Kibana can be found in /etc/kibana/.

  • Other configuration options for Kibana can be found in /etc/nsm/securityonion.conf.

  • Kibana logs can be found in /var/log/kibana/.

Plugins

Kibana runs in a Docker container (so-kibana), so to add a plugin you bind-mount a directory from the host filesystem onto the container's plugins directory and copy your plugins into it. Kibana only loads plugins built for its exact version, so choose the plugin release that matches the Kibana version you are running. For example, to load the kbn_network plugin you can do something like this:

Create a directory in the host filesystem to store plugins:

sudo mkdir -p /nsm/kibana/plugins

Download and unpack the plugin into that directory (this pipes the archive straight into tar running as root, so check it against a checksum published by the plugin author, if one exists, before trusting it):

wget -qO- https://github.com/dlumbrer/kbn_network/releases/download/6.0.X-1/network_vis.tar.gz | sudo tar xvz -C /nsm/kibana/plugins

Modify Kibana options so that the directory is mounted read-only (:ro) into the container. Note that this sed only matches an empty KIBANA_OPTIONS="" and silently does nothing otherwise; if the variable already carries other options, append the --volume argument to it by hand:

sudo sed -i 's|KIBANA_OPTIONS=""|KIBANA_OPTIONS="--volume /nsm/kibana/plugins:/usr/share/kibana/plugins:ro"|g' /etc/nsm/securityonion.conf

Stop the Kibana container:

sudo docker stop so-kibana

Destroy the Kibana container:

sudo docker rm so-kibana

Start a new Kibana container:

sudo so-elastic-start-kibana
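The steps above as one script, with the checks a cautious administrator would add before bind-mounting third-party code into the Kibana container. This is an added example, not Security Onion's own tooling. It assumes the paths, container name, KIBANA_OPTIONS variable and so-elastic-start-kibana command named on this page; the tarball URL and its sha256 are caller-supplied placeholders, because the page publishes no checksum for network_vis.tar.gz. It edits /etc/nsm/securityonion.conf and restarts the container, so run it as root.

```shell
#!/bin/sh
# Added example for the Security Onion Kibana wiki page; not project code.
# Assumptions: CONF and PLUGIN_DIR default to the paths on the page; the
# tarball URL and sha256 are supplied by the caller; run as root.
set -eu

CONF="${CONF:-/etc/nsm/securityonion.conf}"
PLUGIN_DIR="${PLUGIN_DIR:-/nsm/kibana/plugins}"
VOLUME="--volume ${PLUGIN_DIR}:/usr/share/kibana/plugins:ro"

# Idempotently add option $2 to the KIBANA_OPTIONS="..." line of file $1.
# The page's sed only matches KIBANA_OPTIONS="" and does nothing otherwise;
# this also handles existing options and is safe to run twice.
# (awk -v interprets backslashes; docker options contain none.)
add_kibana_option() {
    conf="$1"; opt="$2"
    if ! grep -q '^KIBANA_OPTIONS=' "$conf"; then
        printf 'KIBANA_OPTIONS="%s"\n' "$opt" >> "$conf"
    elif ! grep -F -q -e "$opt" "$conf"; then
        awk -v opt="$opt" '
            /^KIBANA_OPTIONS=/ {
                sub(/"$/, "")                                 # strip closing quote
                sep = ($0 == "KIBANA_OPTIONS=\"") ? "" : " "  # space only if non-empty
                $0 = $0 sep opt "\""
            }
            { print }' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    fi
}

# Return the KIBANA_OPTIONS line of file $1 (used to verify the edit).
kibana_options_line() { grep '^KIBANA_OPTIONS=' "$1"; }

# Print members of a tar listing (stdin, as from `tar tzf`) that would escape
# the extraction directory: absolute paths or a ".." path component.
unsafe_tar_entries() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Compare file $1 against the expected hex sha256 $2.
verify_sha256() {
    got=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$got" = "$2" ]
}

# The directory is bind-mounted into the container, so anyone who can write
# to it can run code inside Kibana: refuse group- or world-writable dirs.
plugin_dir_is_locked_down() {
    [ -d "$1" ] || return 1
    case "$(ls -ld "$1")" in
        d????w*|d???????w*) return 1 ;;   # char 6 = group w, char 9 = other w
    esac
    return 0
}

# The page's procedure with the checks above wired in.
install_kibana_plugin() {
    url="$1"; want="$2"
    tmp=$(mktemp)
    mkdir -p "$PLUGIN_DIR"
    chmod 755 "$PLUGIN_DIR"
    plugin_dir_is_locked_down "$PLUGIN_DIR"
    wget -qO "$tmp" "$url"
    verify_sha256 "$tmp" "$want" || { echo "checksum mismatch: $url" >&2; rm -f "$tmp"; return 1; }
    if [ -n "$(tar tzf "$tmp" | unsafe_tar_entries)" ]; then
        echo "refusing archive with absolute or ../ members" >&2; rm -f "$tmp"; return 1
    fi
    tar xzf "$tmp" -C "$PLUGIN_DIR"
    rm -f "$tmp"
    add_kibana_option "$CONF" "$VOLUME"
    docker stop so-kibana
    docker rm so-kibana
    so-elastic-start-kibana
}

# Usage (as root): sh kibana-plugin.sh install <tarball-url> <sha256>
if [ "${1-}" = "install" ]; then
    install_kibana_plugin "${2:?tarball url}" "${3:?sha256}"
fi
```

The archive is downloaded to a temporary file and checked before anything runs as root on it, instead of being streamed into tar; the listing check catches archives whose members would land outside the plugins directory. The config edit leaves any existing KIBANA_OPTIONS intact, which the single sed on the page does not.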