How to add elastalert*' to es_index_patterns setting

[sleepingbel]

Version

2.4.20

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

other (please provide detail below)

Hardware Specs

Meets minimum requirements

CPU

8

RAM

26

Storage for /

200 gb

Storage for /nsm

1 tb

Network Traffic Collection

span port

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

No, there are no additional clues

Detail

It is a virtual machine on a esxi server, that I just installed in replacement of my 2.3 SO. Nice work guy's

In the documentation is not clear stated where I can add the value elastalert*' to the es_index_patterns setting

link to the documentation

Can someone clearly explain to me where this value should be added? The location of the config file?

Thanks in advance

Bart

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[cm-ops]

In the GUI, select Options and toggle on show all configurations (at the top). Then SOC > server > modules > Elastic > index and add it there.

[sleepingbel]

I do not see any index page when i follow your path in my version.
I have: soc > config > server > modules > Elastic but no index.

I have searched in all soc config value's and did not see the relevant place to add the elastalert value

[cm-ops]

You have to toggle on Advanced view - In the GUI, select Options and toggle on show all configurations (at the top)

[sleepingbel]

Thx