

doug edited this page Feb 12, 2019 · 40 revisions

Please note! We are migrating our documentation to You can find the latest version of this page at:

We've completed our initial integration of the Elastic Stack (Elasticsearch, Logstash, and Kibana)!

In addition, we've added the following:


Each component has its own Docker image.

You can get an idea of what this whole integration might look like at a high-level by viewing our proposed architecture diagram.

Blog Posts

General Availability:

Release Candidate 4:

Release Candidate 3:

Release Candidate 2:

Release Candidate 1:

Beta 3 Release:

Beta 2 Release:

Beta Release:

Alpha Release:

Technology Preview 3:

Technology Preview 2:

Technology Preview 1:


Doug Burks - State of the Onion

Hardware Requirements

Please note the following MINIMUM requirements for the Elastic stack:

  • 2 CPU cores
  • 8GB RAM


The easiest way to try the new Elastic integration is using our (or newer) ISO image:

Alternatively, if you have an existing TEST installation or if you want to install using an ISO image other than our (or newer), you can install the securityonion-elastic package and then run so-elastic-download as follows:

sudo soup
sudo apt install securityonion-elastic
sudo so-elastic-download

If this is a fresh installation where you haven't run Setup yet, then you can run sosetup:

sudo sosetup

If you would like to install on your own preferred flavor of Ubuntu 14.04, you can follow steps 1-11 here:

Then run:

sudo apt install securityonion-elastic 
sudo so-elastic-download 
sudo sosetup
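The install steps above assume the host already meets the minimums listed under Hardware Requirements. The following preflight wrapper is an added example, not a script from the Security Onion project: it checks the page's two minimums (2 CPU cores, 8GB RAM) and only then runs the page's documented commands. Reading the core count from nproc and memory from /proc/meminfo is an assumption about a Linux host; the rounding to whole GiB is there because MemTotal excludes kernel-reserved memory, so a machine with 8GB installed reports slightly less than 8 GiB.

```shell
#!/bin/sh
# Added example (not part of the Security Onion wiki): preflight check for the
# documented Elastic minimums before running the documented install commands.
# Thresholds are the page's own; how they are read off the host is an assumption.

MIN_CORES=2
MIN_RAM_GB=8

# meets_elastic_minimums CORES RAM_KB
#   returns 0 when both minimums are met, 1 otherwise.
#   RAM_KB is in kB, as /proc/meminfo reports it; it is rounded to the nearest
#   GiB so an "8GB" box that reports e.g. 7.8 GiB usable still passes.
meets_elastic_minimums() {
    cores="$1"
    ram_kb="$2"
    ram_gb=$(( (ram_kb + 524288) / 1048576 ))   # 1048576 kB per GiB, half for rounding
    [ "$cores" -ge "$MIN_CORES" ] && [ "$ram_gb" -ge "$MIN_RAM_GB" ]
}

# Live readings from the host (Linux-specific; assumption, not from the page).
host_cores() { nproc; }
host_ram_kb() { awk '/^MemTotal:/ { print $2 }' /proc/meminfo; }

# install_elastic: run the page's commands for an existing installation,
# but refuse to start on undersized hardware.
install_elastic() {
    if ! meets_elastic_minimums "$(host_cores)" "$(host_ram_kb)"; then
        echo "host is below the Elastic minimums (${MIN_CORES} cores, ${MIN_RAM_GB}GB RAM); not installing" >&2
        return 1
    fi
    sudo soup
    sudo apt install securityonion-elastic
    sudo so-elastic-download
}
```

Call install_elastic on a box that already has Security Onion set up; for a fresh box follow it with sudo sosetup, as the page describes.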

Upgrading from ELSA to Elastic

For best results, we recommend performing a fresh installation, but if you really need to do an in-place upgrade from ELSA to Elastic, you can try the steps on the ELSA-to-Elastic page.
