-
Notifications
You must be signed in to change notification settings - Fork 521
Kibana
From https://www.elastic.co/products/kibana :
Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you're getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.
-
Configuration files for Kibana can be found in
/etc/kibana/. -
Other configuration options for Kibana can be found in
/etc/nsm/securityonion.conf. -
Kibana logs can be found in
/var/log/kibana/.
Kibana uses multiple hyperlinked fields to accelerate investigations and decision-making:
When present, clicking the _id field allows an analyst to pivot to transcript via CapMe.
When present, clicking these fields allows an analyst to pivot to the Indicator dashboard, where a variety of information is presented relative to the term:value.
uid
source_ip
source_port
destination_ip
destination_port
To add a plugin to Kibana, you can expose the plugins directory to the host filesystem and then copy your plugins to that directory. For example, to load the kbn_network plugin you can do something like this:
Create a directory in the host filesystem to store plugins:
sudo mkdir -p /nsm/kibana/plugins
Download plugin to that directory:
wget -qO- https://github.com/dlumbrer/kbn_network/releases/download/6.0.X-2/network_vis.tar.gz | sudo tar xvz -C /nsm/kibana/plugins
Modify Kibana options to mount that directory into the container:
sudo sed -i 's|KIBANA_OPTIONS=""|KIBANA_OPTIONS="--volume /nsm/kibana/plugins:/usr/share/kibana/plugins:ro"|g' /etc/nsm/securityonion.conf
Restart Kibana:
sudo so-kibana-restart
Search results in the dashboards and through Discover are limited to the first 10 results for a particular query. If you don't feel like this is adequate after narrowing your search, you can adjust the value for discover:sampleSize in Kibana by navigating to Management > Advanced Settings and changing the value. It may be best to change this value incrementally to see how it affects performance.
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs