Elastic Stack Beta 3

- [x] Elasticsearch
  - [x] [Elasticsearch 5.6.5](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/release-notes-5.6.5.html)

- [x] Kibana
  - [x] [Kibana 5.6.5](https://www.elastic.co/guide/en/kibana/5.6/release-notes-5.6.5.html)
  - [x] [load settings via new API](https://github.com/dougburks/elastic-test/commit/e4a9c4f1d972c6d922406e197e8686580650003b)
  - [x] [load dashboards via new API](https://github.com/dougburks/elastic-test/commit/e34a8836e7b9665bb096e2764648aba4d3e0203c)
  - [x] [update new Home - Sensors - Count TSVB viz to search cross cluster (`*:logstash-*` instead of `logstash-*`)](https://github.com/dougburks/elastic-test/commit/f0da619941e967f7054ac21895bc42cf5fa721a5) and check other TSVB viz as well
  - [x] [move FreqServer visualizations to a separate dashboard to avoid leaving blank space on dashboards when FreqServer is disabled](https://github.com/dougburks/elastic-test/commit/64e4d183a6212fe6a4a59528bd68489a66cb5a7c)
  - [x] [move DomainStats visualizations to a separate dashboard to avoid leaving blank space on dashboards when DomainStats is disabled](https://github.com/dougburks/elastic-test/commit/64e4d183a6212fe6a4a59528bd68489a66cb5a7c)
  - [x] [on Software and Syslog dashboards, search panel at bottom should not display _id by default since pivoting to CapMe won't work](https://github.com/dougburks/elastic-test/commit/64e4d183a6212fe6a4a59528bd68489a66cb5a7c)
  - [x] [Bro - SNMP Duration field needs to be set to Duration - Seconds - Seconds - 6 Decimal Places](https://github.com/dougburks/elastic-test/commit/0a3f8e3533daf232cf8b5969b35c1e6bbf1a7dd9)
  - [x] [improve Help page, add more Getting Started information](https://github.com/dougburks/elastic-test/commit/64e4d183a6212fe6a4a59528bd68489a66cb5a7c)
  - [x] [add basic dashboard for Beats](https://github.com/dougburks/elastic-test/commit/1b53ceadf37de279ab0418dc7c61f74c7df3c36e)

- [x] Logstash
  - [x] [Logstash 5.6.5](https://www.elastic.co/guide/en/logstash/5.6/logstash-5-6-5.html)
  - [x] [stop using _all](https://github.com/dougburks/elastic-test/pull/106)
  - [x] move to a [single mapping type](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/removal-of-types.html):
https://github.com/dougburks/elastic-test/commit/4a1ae52d98261aa84b81c45e4bf7dc0d401e95bf
  - [x] [allow user to expose logstash ports to network to send logs from external sources](https://github.com/dougburks/elastic-test/pull/143)
  - [x] support for beats input port 5044:
https://github.com/dougburks/elastic-test/commit/4a1ae52d98261aa84b81c45e4bf7dc0d401e95bf
https://github.com/dougburks/elastic-test/commit/cb84aaf876e1c785fe69046834ae26badf7af609
https://github.com/dougburks/elastic-test/pull/144
  - [x] [support for beats output](https://github.com/dougburks/elastic-test/pull/144)
  - [x] grok parser error for Microsoft-Windows-Sysmon/Operational #1182

- [x] so-elastic-download
  - [x] [check to see if components are installed before trying to install](https://github.com/dougburks/elastic-test/commit/58fe2e8c468cad39d7edc184219fa19a59172142#diff-76dbf96f039d0db9a9ceb4ba64d2b7ec)
  - [x] [upon successul installation of all components, write `INSTALLED="yes"` into `/etc/nsm/elasticdownload.conf`](https://github.com/dougburks/elastic-test/commit/58fe2e8c468cad39d7edc184219fa19a59172142#diff-76dbf96f039d0db9a9ceb4ba64d2b7ec)
  - [x] [at start of script, if `INSTALLED="yes"`, then exit immediately](https://github.com/dougburks/elastic-test/commit/58fe2e8c468cad39d7edc184219fa19a59172142#diff-76dbf96f039d0db9a9ceb4ba64d2b7ec)

- [x] CapMe
  - [x] [search event_type](https://github.com/dougburks/elastic-test/commit/239024bd67685ff7aaff001f1486811b2c02ec20)

- [x] Docker
  - [x] [allow user to configure `docker0` interface via `/etc/nsm/securityonion.conf`](https://github.com/dougburks/elastic-test/pull/142)
  - [x] [documentation for proxying multiple Docker clients](https://github.com/Security-Onion-Solutions/security-onion/wiki/Docker#registry)

- [x] ElastAlert
  - [x] [update elastalert rules to event_type and doc_type logs](https://github.com/dougburks/elastic-test/commit/fb692fdd78e349e81230390d190e89c11ce5bc2e)

- [x] Setup
  - [x] improve `HIGHEST_REVERSE_PORT` detection for sensors joining master:
https://groups.google.com/d/topic/security-onion/EsbeYoh4ymU/discussion
https://github.com/dougburks/elastic-test/commit/f04be5d9c401f13f120e815d0f640b583478e3ac
https://github.com/dougburks/elastic-test/commit/d4ed5c69e12b819fecea426f93caabbe317864ba
  - [x] [fix verbiage for Elasticsearch disk usage](https://github.com/dougburks/elastic-test/pull/145)

- [x] so-allow-elastic
  - [x] [allow user to open logstash ports in firewall](https://github.com/dougburks/elastic-test/blob/master/usr/sbin/so-allow-elastic)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Elastic Stack Beta 3 #1172

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Elastic Stack Beta 3 #1172

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions