Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you're getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.
Configuration files for Kibana can be found in
Other configuration options for Kibana can be found in
Kibana logs can be found in
Kibana uses multiple hyperlinked fields to accelerate investigations and decision-making:
When present, clicking the _id field allows an analyst to pivot to the transcript via CapMe.
When present, clicking these fields allows an analyst to pivot to the Indicator dashboard, where a variety of information is presented relative to the term:value.
To add a plugin to Kibana, you can expose the plugins directory to the host filesystem and then copy your plugins to that directory. For example, to load the kbn_network plugin you can do something like this:

1. Create a directory in the host filesystem to store plugins:

```bash
sudo mkdir -p /nsm/kibana/plugins
```

2. Download the plugin to that directory:

```bash
wget -qO- https://github.com/dlumbrer/kbn_network/releases/download/6.0.X-1/network_vis.tar.gz | sudo tar xvz -C /nsm/kibana/plugins
```

3. Modify the Kibana options to mount that directory (read-only) into the container:

```bash
sudo sed -i 's|KIBANA_OPTIONS=""|KIBANA_OPTIONS="--volume /nsm/kibana/plugins:/usr/share/kibana/plugins:ro"|g' /etc/nsm/securityonion.conf
```
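As an added example (not code from the Security Onion wiki), here is a small shell helper that applies the KIBANA_OPTIONS change from step 3 safely: the one-line sed above only matches an empty `KIBANA_OPTIONS=""`, so if other options are already set the file is silently left unchanged, and running it twice on a fresh file could not add the mount twice but a hand edit could. The function names and the sample config file it is run against are assumptions.

```bash
#!/bin/sh
# Constructed example: idempotently add a read-only plugin volume mount to the
# KIBANA_OPTIONS line of a securityonion.conf-style file. Existing options are
# preserved, an existing mount is not duplicated, and odd input is refused.
# Uses GNU sed -i (as the wiki's own command does).
add_kibana_plugin_volume() {
    conf="$1"
    hostdir="$2"
    mount="--volume ${hostdir}:/usr/share/kibana/plugins:ro"

    # Only accept an absolute path made of plain characters, so nothing we
    # splice into the sed replacement can be misread as sed syntax.
    if printf '%s' "$hostdir" | grep -q '[^A-Za-z0-9_./-]' || [ "${hostdir#/}" = "$hostdir" ]; then
        echo "host directory must be an absolute, plain path: $hostdir" >&2
        return 1
    fi

    # The line must exist exactly once, otherwise refuse to guess.
    count=$(grep -c '^KIBANA_OPTIONS=' "$conf" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one KIBANA_OPTIONS line in $conf, found $count" >&2
        return 1
    fi

    # Already mounted: nothing to do (idempotent).
    if grep -q "^KIBANA_OPTIONS=.*${hostdir}:/usr/share/kibana/plugins" "$conf"; then
        return 0
    fi

    current=$(get_kibana_options "$conf")
    if [ -z "$current" ]; then
        new="$mount"
    else
        new="$current $mount"      # keep whatever options were already there
    fi
    # Escape characters that are special in a sed replacement (| & \).
    esc=$(printf '%s' "$new" | sed 's/[|&\\]/\\&/g')
    sed -i "s|^KIBANA_OPTIONS=.*|KIBANA_OPTIONS=\"${esc}\"|" "$conf"
}

# Print the current value of KIBANA_OPTIONS (without the quotes).
get_kibana_options() {
    sed -n 's/^KIBANA_OPTIONS="\(.*\)"$/\1/p' "$1"
}
```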