Replies: 2 comments
-
Have you reviewed the documentation on adding integrations?
-
ElasticSearch does not have an integration for ZenArmour, but ZenArmour can use ElasticSearch as a remote database. Once enabled, there are index templates and Kibana dashboards which can be imported. I am looking for a way to allow ZenArmour write access to the ElasticSearch instance in SO. This will help me to get a single pane view of all the logs and reports generated on the network.
-
Version: 2.4.10
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 4
RAM: 32
Storage for /: 256
Storage for /nsm: 512
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
I am keen to include ZenArmor traffic data along with other logs. ZenArmour has the ability to use a remote ElasticSearch instance as a reporting database. ElasticSearch has pre-defined templates and creates indices automatically. I have tested on a separate system running the ELK stack and it works fine. However, I am unable to replicate this on Security Onion.
Has anyone managed to use the Elasticsearch instance in Security Onion as a remote database for ZenArmor? How do I configure Security Onion to allow ZenArmor traffic logs?
Requirements
https://www.zenarmor.com/docs/guides/remote-elasticsearch-zenarmor-reporting