If you are running Elastic Stack with Security Onion for Intrusion Detection and Enterprise Security Monitoring, you already know the importance of report automation. Whether compliance or ad hoc, MSSPs can sink countless hours into reporting. The manual process of building and sending those reports means valuable resources are taken away from the role they were hired to perform.

With Skedler, now a Security Onion user with any user privilege can generate a report and automate its distribution. All you need is the Elasticsearch and Kibana Admin credentials to connect your Security Onion environment with Skedler. The focus of this blog post will be on how to email PDF, PNG, HTML Inline, Excel or CSV reports from the Security Onion using Skedler’s integration with Kibana.

What is Security Onion?

If you’ve never heard about Security Onion before, it is a Linux distro for Intrusion Detection, Network Security Monitoring, and Log Management. Security Onion by Doug Burks is a Ubuntu-based distribution containing many security tools such as Snort, Bro, OSSEC, Sguil, Squert, and more. The distribution allows an analyst to configure and run an intrusion detection system with complete monitoring and reporting capability in a few minutes.

Source: Security Onion website

Why Skedler Reports for Security Onion?

With Skedler, MSSPs can generate compliance reports (e.g. PCI ASV reports) quickly and easily to save countless man-hours, deliver reports 10x faster, and enable their customers to mitigate vulnerabilities more quickly. You can use filters to create specific reports for specific projects, allow users from high-level executives to technicians, and schedule reports to be delivered at any time.

Skedler Reports offers the most powerful, flexible, and easy-to-use data monitoring solution that companies use to exceed customer SLAs, achieve compliance, and empower internal IT and business leaders.

By using Skedler Reports, you can enjoy the following benefits:

• Simple installation, quick configuration, faster deployment
• Send visually appealing, personalized reports
• Report setup takes less than 5 minute
• Send PDF, PNG, HTML Inline, Excel or CSV reports on-demand or periodically via email or slack channel.
• Help users see and understand data faster with customized mobile & print-ready reports

How to generate reports from Security Onion using Skedler?

There are four basic steps to start generating Security Onion reports using Skedler:

Install Skedler

The obvious first step is installing Skedler on your machine. To download Skedler, you can click on this link and enter the required information. Once downloaded, you can start the installation depending on the OS type. We support Debian, Docker, Kubernetes, Linux, macOS, and Windows. You can refer to this Installation Guide to know more about the steps.

Activate Skedler

After installation, the next step is activation. An email will be sent to you after the download containing a license key. Using this key, you can activate Skedler both online and offline. Here is a sneak peak of the online activation steps:

You can watch the video tutorials for Online Activation and Offline Activation. If you wish to read the docs instead, you can find them here.

Connect Security Onion with Skedler

Skedler is now ready to start generating reports from any data source of your choice. It just needs you to connect it with the same. It takes less than a minute to connect any data source to Skedler. Moreover, you get to choose if the data source credentials will be embedded or prompted to the user to grant access.

Check out this quick tutorial video to see how easy it is!

Generate Security Onion Reports

Here comes the fun part! Without using a single line of code, now you can automate your Threat Analysis report, Vulnerability Report, and Network Traffic Analysis Report from Security Onion and share it with the right audience at the right time. There are three steps to generating a report:

Report Designing

With Skedler, you can design the report with text, parameters, elements as well as images. You can add your company logo to these reports and report names to create more credibility among your customers and other stakeholders. 

Check out how easy it is to add charts from your Kibana dashboard to these Skedler report:

Other options available at the design stage are:

a. Adding Burst Filter: This filter can be used to use one dashboard and send reports to multiple customers at the same time based on different dashboard queries.

b. Selecting Time Window: You can choose between selecting any particular time frame or using the dashboard time window. 

Report Scheduling

Once the report design is completed, we can set the Schedule. Here, you can set the recurrence and frequency. You also get the option of adding holidays. The export options include PNG, HTML Inline, Excel, and CSV.

Report Distribution

Skedler allows seamless distribution via Email as well as Slack channel. For the email channel, you can add the recipients and use parameters to customize the subject or body of the email. Similarly, for Slack, you can select the channel or the direct recipient to receive these reports upon generation.

These reports can be generated, downloaded, and mailed at any time irrespective of the schedule. You can share the report with any user within the organization. You can edit the report design or schedule and check the history of these reports as well.

To see the Security Onion report generation in action, check out this step-by-step tutorial.

Summary

This blog was a very quick overview of how to automate reports from Security Onion Dashboards using Skedler. We have accumulated a series of documentation and videos for you to check out all of the above-mentioned information in detail. If you haven’t already, download Skedler now and try it free for 15 days.