Chris Rimondi and I had the opportunity to co-present at BSides Augusta recently talking about Security Onion (SO) data sources, learning with SO for Splunk and how you can transfer that knowledge and understanding to ELSA. As part of our talk we announced several new log parsers and dashboards we’ve made available to Doug Burks and Scott Runnels for inclusion in SO and Martin Holste for inclusion in ELSA: https://github.com/ChrisRimondi/Bro_ELSA_Parsers
if you missed the talk, Martin Holste has introduced some major changes to ELSA’s architecture this year that will soon be coming to SO, most notably the ELSA web/API and the forwarding capabilities. We also demonstrated how you can leverage conditional data from non-SO data sources to supplement your hunting. Video below and slides available here: BSides_Augusta
Since we didn’t have much time to demo the dashboards, I wanted to get some screenshots up to give SO and ELSA users a glimpse of what’s to come. In addition to the dashboards below, the previously released Web Monitor dashboard is included in the release: https://github.com/brad-shoop/elsa_dashboards.