osquery, strelka, sysmon logs missing from dashboard and hunt

[vanh20]

Hello Everyone!

I would like to direct this query to the developers.

Scenario: I attended the instructor-led training online on May 2022. We were given a zip file for practice using a Standalone install. My Security Onion was timely for the release at that time (version 2.3.110). Everything went well. However, after a few upgrades of Security Onion, I noticed the logs osquery, strelka and sysmon (I followed Sir Bryant's Sysmon for Linux page and it was working for a while) when out of the blue the mentioned logs above (and it was only then I noticed) are nowhere to be found from the dashboard and hunt interfaces.

So, after searching, I saw this page, specifically the section that says... `````

Elastic Agent and Elastic Fleet

Our primary endpoint agent will be Elastic Agent. It replaces osquery, beats, and Wazuh and is easily managed in Elastic Fleet, giving more control over upgrades. Users will also be able to deploy agents in standalone (unmanaged) mode if they choose to do so.

So, I'd like clarification on these issues:

1. are these features going away, hence these logs are no longer reflected? Is there a workaround for now? btw - I tried reinstalling my Standalone Manager Node and these logs are present still. Only after I installed and ran the training scenarios that these logs started to disappear.
2. will there only be one agent left in the end come 2.4? Or, will these be turned into a paid feature down the road?
3. will velociraptor integration (because of SOAR) be made mainstream or paid feature as well?

Thank you Security Onion for giving the community a very much capable platform for hunting evil. I especially enjoyed utilizing the dashboards and seing almost instantly where things are coming from. :) 👍

[vanh20]

I guess, the answer is already there above. I'm excited to tryout SO 2.4 and see which features made it up there. :)

Many thanks to SO-developers! :)