Elastic Stack
Security Onion includes the Elastic Stack (Elasticsearch, Logstash and Kibana). In addition, we've added ElastAlert, Curator, FreqServer and DomainStats. Each of the components above has its own Docker image.
You can get an idea of what this whole integration looks like at a high level by viewing our architecture diagram.
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
  - Configuration
  - Kibana
    - DNS Highest Registered Domain Frequency Analysis
    - DNS Parent Domain Frequency Analysis
    - HTTP Frequency Analysis
    - SSL Certificate Common Name Frequency Analysis
    - SSL Certificate Server Name Frequency Analysis
    - SSL Certificate Issuer Name Frequency Analysis
    - X.509 Certificate Common Name Frequency Analysis
    - X.509 Certificate Issuer Organization Frequency Analysis
    - X.509 Certificate Issuer Frequency Analysis
- DomainStats
- Docker
- Redis
- Data Fields
  - Alert Data Fields
  - Zeek Fields
  - ElastAlert Fields
- Re-Indexing
- Elastic Features
- Elastic Auth