In addition, we've added the following:
- Each component has its own Docker image.
You can get an idea of what this whole integration might look like at a high level by viewing our proposed architecture diagram.
Release Candidate 4:
Release Candidate 3:
Release Candidate 2:
Release Candidate 1:
Technology Preview 3:
Technology Preview 2:
Technology Preview 1:
Please note the following MINIMUM requirements for the Elastic stack:
- 2 CPU cores
- 8GB RAM
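A preflight check for those minimums, added here as an example and not part of Security Onion's own scripts: it reads the core count and MemTotal the way a practitioner would before running so-elastic-download or sosetup. The 5% memory tolerance, and the use of nproc and /proc/meminfo, are assumptions.

```shell
#!/bin/sh
# Added example, not Security Onion tooling: check a host against the Elastic
# minimums stated above (2 CPU cores, 8GB RAM) before installing.
MIN_CORES=2
MIN_MEM_KB=8388608   # 8 GiB in kB, the unit /proc/meminfo uses for MemTotal

# Print the MemTotal value (kB) from /proc/meminfo-style text read on stdin.
meminfo_total_kb() {
    awk '/^MemTotal:/ { print $2; exit }'
}

# Return 0 when CORES and MEM_KB satisfy the minimums, 1 otherwise.
# Firmware and kernel reservations make an "8GB" machine report a MemTotal a
# few percent under 8388608 kB, so a 5% tolerance is applied (assumption).
meets_elastic_minimums() {
    cores=$1
    mem_kb=$2
    mem_floor=$(( MIN_MEM_KB - MIN_MEM_KB / 20 ))
    [ "$cores" -ge "$MIN_CORES" ] && [ "$mem_kb" -ge "$mem_floor" ]
}

# Evaluate the live host; exits non-zero so it can gate an install script.
preflight() {
    cores=$(nproc)
    mem_kb=$(meminfo_total_kb < /proc/meminfo)
    if meets_elastic_minimums "$cores" "$mem_kb"; then
        echo "OK: ${cores} cores, ${mem_kb} kB RAM meet the Elastic minimums"
    else
        echo "FAIL: ${cores} cores, ${mem_kb} kB RAM; need ${MIN_CORES} cores and ${MIN_MEM_KB} kB" >&2
        return 1
    fi
}

# Only touch the live system when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```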
The easiest way to try the new Elastic integration is using our 14.04.5.11 (or newer) ISO image: https://blog.securityonion.net/2018/04/security-onion-elastic-stack-general.html
Alternatively, if you have an existing TEST installation, or if you want to install using an ISO image other than our 14.04.5.11 (or newer), you can install the securityonion-elastic package and then run so-elastic-download as follows:

```
sudo soup
sudo apt install securityonion-elastic
sudo so-elastic-download
```
If this is a fresh installation where you haven't run Setup yet, then you can run sosetup:
If you would like to install on your own preferred flavor of Ubuntu 14.04, you can follow steps 1-11 here:
```
sudo apt install securityonion-elastic
sudo so-elastic-download
sudo sosetup
```
Upgrading from ELSA to Elastic
For best results, we recommend performing a fresh installation, but if you really need to do an in-place upgrade from ELSA to Elastic, you can try the steps on the ELSA-to-Elastic page.