Elastic Stack

Security Onion includes the Elastic Stack:

Elasticsearch

Logstash

Kibana

In addition, we’ve added the following:

Curator

DomainStats

ElastAlert

FreqServer

Each of the components above has its own Docker image.

You can get an idea of what this whole integration looks like at a high-level by viewing our architecture diagram.

• Elasticsearch
  • Configuration
  • Logs
  • Distributed
  • Master
  • Forward Nodes
  • Heavy Nodes
  • Storage Nodes
  • Removing a node from the master
  • Storage
  • Snapshots
• Logstash
  • Configuration
  • Adding New Logs or Modifying Existing Parsing
  • Queue
  • Data Fields
  • Log
  • Errors
  • LOGSTASH_MINIMAL
• Kibana
  • Screenshot
  • Authentication
  • Configuration
  • Pivoting
  • Search Results
  • Search Request Timeout
  • Timestamps
  • Plugins
• ElastAlert
  • Configuration
  • More Information
• Curator
  • Actions
• FreqServer
  • Configuration
  • Kibana
  • DNS Highest Registered Domain Frequency Analysis
  • DNS Parent Domain Frequency Analysis
  • HTTP Frequency Analysis
  • SSL Certificate Common Name Frequency Analysis
  • SSL Certificate Server Name Frequency Analysis
  • SSL Certificate Issuer Name Frequency Analysis
  • X.509 Certificate Common Name Frequency Analysis
  • X.509 Certificate Issuer Organization Frequency Analysis
  • X.509 Certificate Issuer Frequency Analysis
• DomainStats
  • Configuration
  • Kibana
• Docker
  • Images
  • Registry
  • Sneakernet Updates
  • Networking
  • Bridge
  • Containers
  • Download
  • Update
  • Security
  • VMware Tools
• Redis
  • Queue
  • Tuning
• Data Fields
  • Fields
  • Template files
• Alert Data Fields
• Zeek Fields
  • conn.log
  • dhcp.log
  • dns.log
  • dpd.log
  • files.log
  • ftp.log
  • http.log
  • intel.log
  • irc.log
  • kerberos.log
  • modbus.log
  • mysql.log
  • notice.log
  • pe.log
  • radius.log
  • rdp.log
  • rfb.log
  • signatures.log
  • sip.log
  • smtp.log
  • snmp.log
  • socks.log
  • software.log
  • ssh.log
  • ssl.log
  • syslog.log
  • tunnel.log
  • weird.log
  • x509.log
  • Pivot Fields
• Elastalert Fields
• Re-Indexing
• Elastic Features
  • Screenshots
  • Q&A
• Elastic Auth