EveBox on Security Onion (Docker) #189
I'm not familiar enough with Security Onion to really say. But essentially find the hostname where Elasticsearch answers on port 9200 and point EveBox there.
If it requires a username and password, you'll have to create a small configuration file:
Hopefully that gets you a start.
I made a config file as test.yaml:

    docker swarm init
    [root@securityonion evebox-0.14.0]# docker service create --name evebox --config test jasonish/evebox:latest

It is stuck here and nothing happens.
Can you get the EveBox output? It should display why it can't connect to Elastic.
Also see #148. You'll likely need to use a host name in the URL, not an IP address, if the cert is self-signed.
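The advice above comes down to TLS host name verification: the client compares the host in the URL against the names listed in the certificate's Subject Alternative Name (SAN) extension, so a self-signed certificate issued only for a DNS name will fail when the URL uses an IP address. The following script is an added example, not part of the EveBox project or this thread; it builds a throwaway self-signed certificate with constructed names (securityonion.example and 192.0.2.10) and checks whether a given name would pass that comparison, which is a quick way to find out which host name belongs in the Elasticsearch URL before touching the EveBox configuration.

```shell
#!/bin/sh
# Added example (not from EveBox or Security Onion): check whether the name
# you intend to put in the Elasticsearch URL is present in the certificate's
# Subject Alternative Name extension. Requires the openssl command line tool.

# cert_sans CERT.pem -> prints each SAN value (DNS names and IP addresses),
# one per line, with the "DNS:" / "IP Address:" prefix removed.
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | grep -oE '(DNS|IP Address):[^,[:space:]]+' \
    | sed 's/^[^:]*://'
}

# name_in_cert CERT.pem NAME -> exit status 0 when NAME exactly matches one
# SAN entry (the comparison TLS clients make), non-zero otherwise.
name_in_cert() {
  cert_sans "$1" | grep -qxF "$2"
}

# make_test_cert DIR -> writes DIR/cert.pem and DIR/key.pem, a self-signed
# certificate with constructed SAN entries used only for this demonstration.
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/CN=securityonion.example" \
    -addext "subjectAltName=DNS:securityonion.example,IP:192.0.2.10" \
    >/dev/null 2>&1
}

# Demo: generate the constructed certificate and report which names it covers.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir"
for candidate in securityonion.example 192.0.2.10 10.0.0.5; do
  if name_in_cert "$demo_dir/cert.pem" "$candidate"; then
    echo "$candidate: present in SAN, usable in the Elasticsearch URL"
  else
    echo "$candidate: NOT in SAN, TLS verification would fail for this name"
  fi
done
rm -rf "$demo_dir"
```

Against a real deployment, replace the constructed certificate with the one the Elasticsearch node actually serves (for example, saved from `openssl s_client -connect host:9200 -showcerts`) and run `name_in_cert` with the name you plan to use; a miss explains a certificate verification error in the EveBox log before any credential problem is even reached.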
I did manage to connect EveBox to Elasticsearch on Security Onion, but it's still not usable. EveBox supports Suricata events added to Elasticsearch with Logstash, Filebeat, and Filebeat with the Suricata module, which uses Elastic Common Schema (ECS); none of these match the schema that Security Onion uses.
Thank you for putting in the time. At least I know that at the moment there is no way, and I won't put much more time into it.
Anyway, can you please share the config file and the commands you used for the connection?
My configuration file is:
And my Docker command was...
On startup you should see something like:
I used my
Is there a way to install EveBox on the Raspberry Pi 4, aarch64?
Yes, there are arm64/aarch64 binaries in the download directories. The Docker containers will also work on arm64.
Closing. New issue for Security Onion schema support is at #190.
I am running a Security Onion 2.3.91 VM, and it is a secured one running on Docker.
How can I integrate or add EveBox to the existing Elasticsearch?