
List:       security-onion
Subject:    [security-onion] Need Advice
From:       "'Justin Engbroten' via security-onion" <security-onion () googlegroups ! com>
Date:       2021-03-13 16:21:08
Message-ID: 0ce8267e-c202-4ffa-8835-4f84de93e3bbn () googlegroups ! com



So we had Elastic services go down after updating and they were down for 
approx 19 hours. Of course, we had an incident in that time period in which 
we need to search logs in Kibana. We are needing to view the user's POST 
and GET requests for a few IPs as well as pcap data if possible. I know the 
logs are on the servers, I'm just not sure of the most efficient way of 
obtaining this information and putting it together. I am currently viewing 
Bro logs and parsing out data but it's obviously taking forever and I'm 
still not sure the best route to take here. Any help is greatly appreciated!

-- 
Please keep in mind that Security Onion 16.04 reaches End Of Life soon!
https://blog.securityonion.net/2020/10/6-month-eol-notice-for-security-onion.html
--- 
You received this message because you are subscribed to the Google Groups "security-onion" group. To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/security-onion/0ce8267e-c202-4ffa-8835-4f84de93e3bbn%40googlegroups.com.
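One way to get at the logs directly while Elastic is down, as an added example that is not from the poster or the Security Onion project: a small Python parser for Zeek/Bro http.log that keys on the #fields header, keeps only GET/POST rows for a handful of IPs, and prints one line per request with the connection uid you need to pivot to conn.log or the matching pcap. The sample log, IPs and file-path handling are constructed assumptions.

```python
"""Pull GET/POST requests for a few IPs out of Zeek/Bro http.log without Elastic."""
import gzip
from datetime import datetime, timezone

# Constructed sample in Zeek's tab-separated format with a reduced column set;
# a real http.log has more columns, but the parser keys on the #fields header.
SAMPLE_HTTP_LOG = (
    "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n#path\thttp\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tstatus_code\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tcount\n"
    "1615650000.123456\tCabc1\t10.0.0.5\t51000\t203.0.113.10\t80\tGET\texample.test\t/login\t200\n"
    "1615650001.000000\tCabc2\t10.0.0.5\t51001\t203.0.113.10\t80\tPOST\texample.test\t/login\t302\n"
    "1615650002.000000\tCabc3\t10.0.0.9\t51002\t203.0.113.10\t80\tGET\texample.test\t/\t200\n"
    "1615650003.000000\tCabc4\t10.0.0.5\t51003\t203.0.113.11\t80\tHEAD\texample.test\t/\t200\n"
    "#close\t2021-03-13-16-00-00\n"
)

def parse_zeek_log(lines):
    """Yield one dict per data row, keyed by the column names in the #fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):   # blanks and header/footer lines
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        yield dict(zip(fields, line.split("\t")))

def open_log(path):
    """Rotated logs are usually gzipped; open either form as text (assumed layout)."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def http_requests_for(lines, ips, methods=("GET", "POST")):
    """Rows where either endpoint is in ips and the method is wanted, oldest first."""
    ips = set(ips)
    hits = [r for r in parse_zeek_log(lines)
            if r["method"] in methods and (r["id.orig_h"] in ips or r["id.resp_h"] in ips)]
    return sorted(hits, key=lambda r: float(r["ts"]))

def summarize(r):
    """UTC time, conn uid (the key for pivoting to conn.log/pcap), endpoints, request, status."""
    ts = datetime.fromtimestamp(float(r["ts"]), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} {r['uid']} {r['id.orig_h']} -> {r['id.resp_h']} {r['method']} {r['host']}{r['uri']} {r['status_code']}"

if __name__ == "__main__":
    for rec in http_requests_for(SAMPLE_HTTP_LOG.splitlines(), ["10.0.0.5"]):
        print(summarize(rec))
```

To run it over a day's worth of rotated logs, loop over the http.*.log.gz files with open_log() and concatenate the results before sorting.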





