Security Onion Elastic NAT Guide #14495
Replies: 1 comment 1 reply
-
|
If you're publishing a DNS record for the outside agents to connect to, you can use the Custom FQDN configuration option. elasticfleet > config > server > custom_fqdn [adv] Docs: https://docs.securityonion.net/en/2.4/elastic-fleet.html#custom-fqdn-url |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
My apologies, I should have given some additional detail. There are a subset of SO users that need to be able to do this with only an IP due to only dropping in to the infrastructure in a temporary compacity to conduct a more hasty threat hunt. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Is there a guide that gives some steps to adding agents (External) to the fleet node (Internal) through a NAT? The main issue that I am having is getting the certificate to include the new hostname/IP for the agent to establish a connection. Understanding that the DMZ option is possible, but I think I am missing something....
Could someone make a recommendation on how we can reissue certs to all the agents (after initial build) maybe after adding it or is there a way during setup that you can add additional IPs/hostnames?
I am aware of custom FQDNs and the ability to create a DNS record. That won't be the possible for the architecture that a lot of those that I support are able to deploy. In most cases this is a hasty deployment and temporary that just needs to fall in place and deploy agents to collect host and network data for follow on analysis.
Beta Was this translation helpful? Give feedback.
All reactions