csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

Accessing CIF- Kibana instances from Host machines #430

Closed fl0x2208 closed 8 years ago

fl0x2208 commented 8 years ago

Team,

I am trying to access Kibana from the Windows host machine. Kibana 3.1.1 and ES 1.4.5 are on the same VM guest (Ubuntu).

I have changed elasticsearch.yml and Kibana config.js, but whatever changes I make it does not work. The error I get is Connection Failed. Following those instructions I have added the line http.cors.enabled: true, but it makes no difference.

If I add http.cors.allow-origin: "/https?:\/\/<your.kibana.host>(:[0-9]+)?/" then there are also no changes. I can't even open Kibana in the guest OS unless I disable the above configuration. I have also updated the hosts file just in case.

I have attached my elasticsearch.yml and Kibana config.js for reference. Not sure what I am doing wrong here.

I have configured my other honeypot box with similar settings and it works there. Not sure what is wrong here.

When I access the VM via https://192.168.8.144/kibana/#/dashboard, I just get a blank page. Tried with a different port number, but then no response.

Please assist.

Regards FL

elasticsearch.zip
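The post above mixes two http.cors.allow-origin values: one with the `<your.kibana.host>` placeholder still in place, and the Kibana page served from https://192.168.8.144. The following is an added example, not code from the issue, its attachment or Elasticsearch; it models (as an assumption about ES 1.x behaviour) how a `/.../` value is treated as a regex that must match the browser's whole Origin header, and compares the unfilled placeholder, a filled-in pattern and the wildcard `*` against constructed origins.

```python
import re

# Constructed settings: the pattern from the thread with its placeholder left
# unfilled, the same pattern filled with the VM's address, and the wildcard.
PLACEHOLDER_SETTING = r"/https?:\/\/<your.kibana.host>(:[0-9]+)?/"
FILLED_SETTING = r"/https?:\/\/192\.168\.8\.144(:[0-9]+)?/"
WILDCARD_SETTING = "*"


def origin_allowed(allow_origin: str, origin: str) -> bool:
    """Model (assumption, not Elasticsearch's own code) of the allow-origin
    check: a value wrapped in slashes is a regex that must match the entire
    Origin header, "*" allows every origin, anything else must match exactly."""
    if allow_origin == "*":
        return True
    if len(allow_origin) > 1 and allow_origin.startswith("/") and allow_origin.endswith("/"):
        return re.fullmatch(allow_origin[1:-1], origin) is not None
    return allow_origin == origin


def check_settings(origin: str) -> dict:
    """Evaluate all three constructed settings for one browser Origin value."""
    return {
        "placeholder": origin_allowed(PLACEHOLDER_SETTING, origin),
        "filled": origin_allowed(FILLED_SETTING, origin),
        "wildcard": origin_allowed(WILDCARD_SETTING, origin),
    }


if __name__ == "__main__":
    # Constructed origins: the Kibana page itself, the same host on another
    # port, and an unrelated site that only the wildcard lets through.
    for o in ("https://192.168.8.144", "http://192.168.8.144:8080", "https://evil.example"):
        print(o, check_settings(o))
```

The unfilled placeholder matches nothing, so the browser's cross-origin requests are refused, while `*` accepts any site; the filled pattern is the narrow setting that lets only the Kibana host through.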

wesyoung commented 8 years ago

hiya,

my guess is it has something to do with Kibana and the current version of es we're working with. i kinda fiddled with it a few months ago and was having some issues as well. haven't had the cycles to research it any further, may be a good question for the users list, i think others have messed around with it a bit and got it working(?)

fl0x2208 commented 8 years ago

let's see, I have read through but most had this issue with the same version. Maybe someone has actually found a way to work it out.

Thanks for the response Wes.

wesyoung commented 8 years ago

np, it could be that this might work with 1.7 as related to #419, just haven't had the spare cycles to think through it. something we're working to address with https://github.com/csirtgadgets/bearded-avenger/releases (ie: making sure we keep better up to date with underlying storage versions) so there's less version mismatch that could cause issues like this.

fl0x2208 commented 8 years ago

Thanks Wes. I will check that issue. I haven't upgraded ES, as a couple of weeks ago ES just released version 5 and I wanted to know what the major differences are in using it.

As you know, 1.x must be upgraded to 2.x and only then to 5.x.

We definitely need to work on version control. I haven't had chance to actually learn and install bearded-avenger (love the name).

I will be doing that this weekend.

Do you think bearded-avenger will work with Kibana 4.4? I use Kibana for visualisation and a proper interface for analysts. I am still looking for other tools that I can use for visualisation and analytics.

I will try that anyway and if I can will let you know.

Regards Kunal


wesyoung commented 8 years ago

we know massive-octo-spice does NOT yet work with ES 1.7+ (or 2 or 5 for that matter), although we're looking into it. next few weeks i'm gonna port over the es framework from v2 to bearded-avenger (have NOT done that yet, but it's moving closer to the top of the list and should be easy enough to do both in terms of framework and work across v2 and v5 of es too).

if i get some spare cycles this week, maybe i'll try to bang something out..

fl0x2208 commented 8 years ago

Thanks Wes, appreciate your response and help.

Please let me know if I can be of any assistance. Would love to get into the rabbit hole 😀.

Regards Kunal


wesyoung commented 8 years ago

np. appreciate the feedback. i started this:

https://github.com/csirtgadgets/bearded-avenger/compare/fix/24?expand=1

but didn't get as far as i wanted to just yet. requires some ansible, python and docker knowhow (if you're bored). shouldn't take too much more to get things working, but give you a basic idea of what's cooking.

feel free to open a thread up under bearded-avenger if you dig into it at all, hopefully it'll be somewhat stable next week[ish].

fl0x2208 commented 8 years ago

Let me see if I can help. I have a long weekend and will try to assist where I can.

Regards


fl0x2208 commented 8 years ago

I looked at the fix and am still going through it. Is there anything specific I need to work on? I am also writing threat feeds for more resources and can upload them too.

I am still new to ansible, so please bear with me.

Regards
