If you are running the Elastic Stack-based Security Onion for intrusion detection and enterprise security monitoring, have you heard the good news? Skedler Reports has released its latest version with support for the Security Onion environment. This blog post will focus on how to email PDF, CSV, and XLS reports from the Elastic Stack used in Security Onion.
If you’ve never heard of Security Onion before, it is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Bro, OSSEC, Sguil, Squert, and many other security tools. Security Onion is a platform that allows you to monitor your network for security alerts. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools.
Source: Security Onion website
Skedler Reports offers the most powerful, flexible and easy-to-use data monitoring solution that companies use to exceed customer SLAs, achieve compliance, and empower internal IT and business leaders. By using Skedler Reports, you can enjoy the following benefits:
After installation, when you launch Skedler Reports for the first time, the Settings page is displayed. You can access Basic and Advanced settings.
You can configure the Data Source details required for Skedler report generation.
Select the Datasource as “ELK Stack”.
Enter the name of the Datasource as “SecurityOnion_DataSource”.
Enter the URL of the Elasticsearch instance in the Elasticsearch URL field. By default, the field is set to the “http://localhost:9200” value.
Enter the URL of the Kibana instance used for Skedler report generation in the Kibana URL field. By default, the field is set to the “http://localhost:5601” value.
Enter the Kibana index in the Kibana Index field. By default, the field is set to the “.kibana” value.
Select the Authentication Type from the drop-down as Security Onion.
Enter the Elasticsearch username and password in the Elasticsearch Admin Username and Elasticsearch Admin Password fields, and the Kibana username and password in the Kibana Admin Username and Kibana Admin Password fields respectively. Click “Test and Save” to test and save the Datasource configuration.
To proceed to the Notification Channels step, I’ll click the next button at the bottom. For Notification Channel Configuration, I will choose a channel as Mail. Next, I’ll name this Channel “SecurityOnion_Mail”. I’ll choose Supported Service as Others.
Then I’ll configure the SMTP connection by specifying the Outgoing Server, Port, Senders Email, Password, and Admin Email. Click “Test and Save” to test and save the Notification configuration.
Then I’ll click Create a Report. The first step is the Report Details.
I’ll name this report “Security Onion Overview”. This is what will appear in the subject line of the report email. Next, I’ll choose my data source as SecurityOnion_DataSource. I’ll choose Dashboard as the type. Next, I need to select the Dashboard to be used for generating reports. I’ll choose the Overview. If needed, I could choose a filter, but I’ll leave this as No Filter. For Time Range, I’ll choose This Week.
To proceed to the Report Design step, I’ll click next at the top.
I’ll choose PDF as the file format I want to receive, with Default Template as the Template and Smart Layout as the Layout. I’ll also include an Excel report by checking this box.
Clicking Next takes me to the Schedule step, where I’ll choose to receive reports Daily at the beginning of the day. I could also choose to have reports sent only on weekdays. To save changes I’ll click Schedule.
I’ll proceed to the last step: Distribute. From the drop-down, I’ll choose Mail Channel. Here I’ll enter the email recipient, add a CC or BCC if needed, and I can keep the default message or edit it. The report schedule is finished, so I’ll click Save and Exit.
I now see my Security Onion Overview at the top of my reports list. To download the PDF and Excel report I can click this icon. Under Actions, I can edit the schedule, and I can email the report immediately if I don’t want to wait until the scheduled time.
Now I’ve successfully set up automated daily Security Onion Overview reports for the customer’s use.
This blog was a very quick overview of how to email PDF, CSV, and XLS reports from Security Onion. If you have any more questions, please contact us.