Clone this wiki locally
In addition, we've added the following:
Each component has its own Docker image.
You can get an idea of what this whole integration might look like at a high-level by viewing our proposed architecture diagram.
Technology Preview 3:
Technology Preview 2:
Technology Preview 1:
Please note the following MINIMUM requirements for the Elastic stack:
- 2 CPU cores
- 8GB RAM
Our Elastic integration is currently in Beta and so the usual warnings and disclaimers apply:
- Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Experimental Setup may result in nausea, vomiting, or a burning sensation.
The easiest way to try the new Elastic integration is using our 14.04.5.5 (or newer) ISO image: http://blog.securityonion.net/2017/11/elastic-stack-beta-2-release-and.html
Alternatively, if you have an existing TEST installation or if you want to install using an ISO image other than our 14.04.5.5 (or newer), you can install the
securityonion-elastic package and then run
so-elastic-download as follows:
sudo soup sudo apt install securityonion-elastic sudo so-elastic-download
If you've already run Setup, you can then convert the box from ELSA to Elastic using so-elastic-configure:
If this is a fresh installation where you haven't run Setup yet, then you can instead run sosetup:
If you would like to install on your own preferred flavor of Ubuntu 14.04, you can follow steps 1-11 here:
sudo apt install securityonion-elastic sudo so-elastic-download sudo sosetup