Adding more integrations

[geistchevalier]

Version

2.4.30

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

6

RAM

64GB

Storage for /

500GB

Storage for /nsm

2TB

Network Traffic Collection

tap

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

No, there are no additional clues

Detail

I noticed that there are some integrations for Elastic Fleet that are not available in the current security onion version (https://docs.securityonion.net/en/2.4/elastic-fleet.html#integrations), are there any plans to add integrations like mssql, mysql, iis, nginx, docker, etc to SO?
or is there a way for me to manually add the integrations that I need to SO?

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[devzerops]

I'm curious about the same thing. I tried searching for integration to collect Kubernetes API logs, but couldn't find a integrations.
elastic-package integration registry
I found similar content on this topic here, but I'm trying to find a solution or any methods to resolve it, and I haven't been successful so far.

[dougburks]

We plan to add integrations to the supported list at https://docs.securityonion.net/en/2.4/elastic-fleet.html#integrations as time goes on. Here's what we're adding for the upcoming 2.4.40 release: #11958.

[geistchevalier]

Can I assume that the integrations mentioned in this discussion will possibly be included in future updates? or do I need to create a request/issue to have them added in the future?

[dougburks]

We will take a look at additional integrations as time allows. Preference is given to integration requests from paid customers.