Doug Burks edited this page Nov 30, 2017 · 26 revisions
Clone this wiki locally

We are currently working on integrating the Elastic Stack (Elasticsearch, Logstash, and Kibana)!

In addition, we've added the following:


Each component has its own Docker image.

You can get an idea of what this whole integration might look like at a high-level by viewing our proposed architecture diagram.

Blog Posts

Beta 2 Release:

Beta Release:

Alpha Release:

Technology Preview 3:

Technology Preview 2:

Technology Preview 1:


Doug Burks - State of the Onion

Hardware Requirements

Please note the following MINIMUM requirements for the Elastic stack:

  • 2 CPU cores
  • 8GB RAM


Our Elastic integration is currently in Beta and so the usual warnings and disclaimers apply:

  • Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
  • If this breaks your system, you get to keep both pieces!
  • This is a work in progress and is in constant flux.
  • This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
  • Do NOT run this on a system that you care about!
  • Do NOT run this on a system that has data that you care about!
  • This should only be run on a TEST box with TEST data!
  • Experimental Setup may result in nausea, vomiting, or a burning sensation.


The easiest way to try the new Elastic integration is using our (or newer) ISO image: http://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html

Alternatively, if you have an existing TEST installation or if you want to install using an ISO image other than our (or newer), you can install the securityonion-elastic package and then run so-elastic-download as follows:

sudo soup
sudo apt install securityonion-elastic
sudo so-elastic-download

If you've already run Setup, you can then convert the box from ELSA to Elastic using so-elastic-configure:

sudo so-elastic-configure

If this is a fresh installation where you haven't run Setup yet, then you can instead run sosetup:

sudo sosetup

If you would like to install on your own preferred flavor of Ubuntu 14.04, you can follow steps 1-11 here:


Then run:

sudo apt install securityonion-elastic 
sudo so-elastic-download 
sudo sosetup