Cannot use elasticSearch REST API from remote #12361
Replies: 3 comments
-
Enabling advanced settings will give you access to the "elasticsearch_rest" hostgroup.
-
Hi Pete,
Thanks a lot for your response.
I am a newcomer to Security Onion. May I know how to enable advanced
settings?
Regards
Jonathan
On Thu, Feb 15, 2024 at 5:41 AM Pete wrote:
> Enabling advanced settings will give you access to the "elasticsearch_rest" hostgroup.
-
SOC customization is described here. You select Administration and Configuration on the left pane to get there. At the top of the first screenshot, just to the right of where it says "Grid Configuration," there's a dropdown labeled "Options." Clicking that allows you to "show all configurable settings, including advanced settings." Then scroll down to expand firewall and hostgroups and you'll see the additional groups that are available.
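Once the analyst IP range has been added to the elasticsearch_rest hostgroup, the useful check is to run the same request from the remote host and tell a firewall drop apart from a TLS or credential problem, which a generic Postman error hides. The script below is an added example written for this thread; it is not part of the original discussion or of Security Onion. It assumes the manager IP from the question (192.168.87.163), placeholder credentials, and that you have copied the grid's CA certificate to a local file so the probe can verify the server certificate instead of disabling verification with `-k` as the question's curl does.

```shell
#!/bin/sh
# Added example for the elasticsearch_rest hostgroup thread; not project code.
# Assumptions (override via environment): ES_HOST is the Security Onion
# manager from the question, ES_USER/ES_PASS are placeholders, CA_FILE is a
# local copy of the grid CA certificate (path is yours to choose).
ES_HOST="${ES_HOST:-192.168.87.163}"
ES_PORT="${ES_PORT:-9200}"
ES_USER="${ES_USER:-userName}"
ES_PASS="${ES_PASS:-PASSWORD}"
CA_FILE="${CA_FILE:-./so-ca.crt}"

# Turn curl's exit status and the HTTP status it observed into a statement of
# which layer failed. Arguments: <curl exit status> <http status, 000 if none>.
es_diagnose() {
  case "$1" in
    0)
      case "$2" in
        200) echo "ok: reached Elasticsearch and authenticated" ;;
        401) echo "auth: port reachable, credentials rejected" ;;
        403) echo "auth: authenticated, user lacks the required privilege" ;;
        *)   echo "http: unexpected status $2" ;;
      esac ;;
    7)  echo "network: connection refused, something answered with a reset; check host and port" ;;
    28) echo "firewall: timed out, packets silently dropped; source IP likely not in the elasticsearch_rest hostgroup" ;;
    35) echo "tls: handshake failed; confirm you are speaking HTTPS to port $ES_PORT" ;;
    60) echo "tls: server certificate not trusted; pass the grid CA with --cacert rather than using -k" ;;
    *)  echo "curl: exit status $1" ;;
  esac
}

# Run from the remote analyst host, i.e. the address you added to the hostgroup.
# Prints the diagnosis; the HTTP body is discarded because only reachability
# and authentication are being tested here.
es_probe() {
  rc=0
  http=$(curl -s -o /dev/null -w '%{http_code}' --connect-timeout 5 \
           --cacert "$CA_FILE" -u "$ES_USER:$ES_PASS" \
           "https://$ES_HOST:$ES_PORT/_cat/indices?v") || rc=$?
  es_diagnose "$rc" "$http"
}

# Only contact the network when explicitly asked, so sourcing the file is safe.
if [ "${ES_RUN_PROBE:-0}" = "1" ]; then
  es_probe
fi
```

Run it with `ES_RUN_PROBE=1 ES_USER=... ES_PASS=... sh probe.sh` from the Postman host. A timeout is the signature of a hostgroup that does not yet include your source address (or a change not yet applied), while a 401 proves the firewall rule is in place and only the credentials are wrong. Verifying the certificate against the grid CA also catches the case where a proxy or the wrong host is answering on 9200.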
-
Version
2.4.40
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4
RAM
32 GB
Storage for /
500G
Storage for /nsm
500G
Network Traffic Collection
tap
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I can run `curl -k https://192.168.87.163:9200/_cat/indices -u userName:PASSWORD` on the Security Onion host itself. But when I try to run the same Elasticsearch REST API call remotely (Postman), it returns the error message shown in the attachment.
As my version is 2.5.40, there is no so-allow command available, and I am not sure which firewall hostgroup maps to the Elasticsearch REST API (port 9200), so I added my IP range to searchnode, managesearch and fleet, and the elasticsearch config is enabled.
Please advise what configuration I missed, many thanks.