Configuration files and script to easily configure Security Onion to send data to GRID via DVM

DefenseStorm/SecurityOnionIntegration


This tool provides an easy way to set up Security Onion 2.3/2.4 to send event data to a DVM and on to GRID.

To install this tool:

  • Log into your SecurityOnion server via SSH

NOTE: On a multi-node SO deployment, run this script on the master node, then reboot the storage node for the change to take effect immediately (or give it time to push the change out).

  • Use this command to get the latest copy of this integration:

git clone https://github.com/DefenseStorm/SecurityOnionIntegration.git

  • Run the script with sudo and provide the DVM IP address; the script will configure Security Onion automatically:

cd SecurityOnionIntegration

sudo ./setup.sh

The following files will be added or modified in Security Onion:

  • /opt/so/saltstack/local/salt/logstash/pipelines/config/custom/DVM.conf
  • /opt/so/saltstack/local/pillar/logstash/search.sls

POST SETUP:

Restart Logstash:

sudo so-logstash-restart

Check for errors:

sudo tail -f /opt/so/log/logstash/logstash.log
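A post-setup sanity check, added here as an example and not part of the repository: it confirms the two files listed above exist, tests TCP reachability of the DVM from the node running Logstash, and counts ERROR/FATAL lines in logstash.log instead of watching `tail -f`. The DVM port is whatever your generated DVM.conf uses (assumed to be passed in), and the log layout matched is Logstash's default `[timestamp][LEVEL][logger]` format, which is an assumption.

```shell
#!/usr/bin/env bash
# Post-setup sanity check for the Security Onion -> DVM integration.
# Paths below are the ones the README says setup.sh touches; override via env.
DVM_CONF="${DVM_CONF:-/opt/so/saltstack/local/salt/logstash/pipelines/config/custom/DVM.conf}"
SEARCH_SLS="${SEARCH_SLS:-/opt/so/saltstack/local/pillar/logstash/search.sls}"
LOGSTASH_LOG="${LOGSTASH_LOG:-/opt/so/log/logstash/logstash.log}"

# Return 0 when both files setup.sh should have written are present and readable.
check_files_present() {
  local missing=0 f
  for f in "$DVM_CONF" "$SEARCH_SLS"; do
    if [ ! -r "$f" ]; then
      echo "missing: $f" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Print the number of ERROR/FATAL lines in a Logstash log file.
# Assumes Logstash's default plain-text layout: [timestamp][LEVEL][logger] msg
count_logstash_errors() {
  grep -c -E '^\[[^]]+\]\[(ERROR|FATAL) *\]' "${1:-$LOGSTASH_LOG}" || true
}

# Return 0 if a TCP listener answers on host:port (bash /dev/tcp, no extra tools).
# Confirms the DVM is reachable from this node before blaming the pipeline.
dvm_port_open() {
  local host="$1" port="$2"
  timeout 3 bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null
}

# Run every check; usage: so_dvm_postcheck <dvm_ip> <dvm_port>
so_dvm_postcheck() {
  local rc=0 errors
  check_files_present || rc=1
  if dvm_port_open "$1" "$2"; then
    echo "DVM $1:$2 reachable"
  else
    echo "DVM $1:$2 NOT reachable from this node" >&2; rc=1
  fi
  errors="$(count_logstash_errors "$LOGSTASH_LOG")"
  echo "ERROR/FATAL lines in $LOGSTASH_LOG: $errors"
  [ "$errors" -eq 0 ] || rc=1
  return "$rc"
}

[ "${1:-}" = "--run" ] && so_dvm_postcheck "$2" "$3"
```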

NOTE: Refer to the additional steps required for SO setup in the DefenseStorm KB.
