Version
2.4.120
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
cloud
Hardware Specs
Meets minimum requirements
CPU
4
RAM
32
Storage for /
300
Storage for /nsm
200
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
Yes, there are additional clues in /opt/so/log/ (please provide detail below)
Detail
BACKGROUND:
I am looking to implement Security Onion based on the configurations highlighted above within an Azure Government cloud environment.
I'm looking to build a Distributed Environment (Manager, 1x Forward, 1x Search).
I provide Managed Services Provider (MSP) type services to a couple of people and am looking to implement a SIEM to collect their syslog and endpoint detection data using Elastic Agent. One entity has 3 Windows 11 Pro endpoints.
The plan is to install Elastic Agent on the endpoints and logging would be forwarded to my Forward Node located in my Azure Cloud GCCH environment.
This entity also has an Azure Government environment (GCC/GCCH) to include O365 Government.
QUESTIONS:
How do I collect log and endpoint data from their Azure + O365 cloud environment, and forward that data to my Forward node that resides in my Azure cloud environment?
Should I use Beats (Filebeat or Winlogbeat) instead of Elastic Agent if Windows Defender is used?
CONCLUSION:
Elastic Agent would collect their data within their Azure cloud (Win11 endpoints, Azure, and O365) and forward it to my Azure cloud where my Security Onion Distributed servers reside?
Guidelines
I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.