rocknsm / rock-dashboards

Dashboards and loader for ROCK NSM dashboards
http://rocknsm.io
Apache License 2.0

Suricata dashboard refresh #57

Closed peasead closed 4 years ago

peasead commented 4 years ago

Redid an export after an index refresh.

neu5ron commented 4 years ago

Best way to test is to do a manual import (via Kibana) or automatic import (using the rock dashboards Kibana import script).

It's hard to review export updates because it updates every single file (because of timestamp or Kibana version changes). So if you do that and it works, then LGTM.

peasead commented 4 years ago

Agreed, it does look weird. I'm not sure what -n's are.

I fixed them, verified that they worked, ran the export.

Open to more testing suggestions.

peasead commented 4 years ago

Steps to test this:

  1. built a working ROCK VM
  2. made the dashboard changes to update Suricata to the new Logstash changes made for the SIEM
  3. refreshed the Index Pattern for ecs-* and ecs-suricata-*
  4. ran a pcap through to ensure all dashboards were populated
  5. ran the export saved objects script from this repo
  6. pushed the exported objects into this branch
  7. downloaded this branch as a tarball
  8. renamed the contents of the tarball from suricata-dashboard-refresh to rock-dashboards-master
  9. retarred the rock-dashboards-master folder as rock-dashboards_master.tar.gz
  10. copied this tarball to /srv/rocknsm/support/ of a fresh ROCK VM
  11. ran the rock setup process
  12. verified that the dashboards loaded
  13. verified that pcap populated the dashboards
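Steps 7 through 10 of the test procedure above (download the branch tarball, rename its top-level directory to rock-dashboards-master, retar it as rock-dashboards_master.tar.gz, copy it to /srv/rocknsm/support/) can be scripted so the repack is repeatable and does not depend on hand-editing. The following is an added example written for this page, not code from the rock-dashboards repository or from the PR author. It assumes, as a GitHub branch tarball normally does, that the archive extracts to exactly one top-level directory (the constructed sample below names it rock-dashboards-suricata-dashboard-refresh), and that the ROCK setup expects the repacked archive to contain a top-level rock-dashboards-master/ directory, as the comment describes. The sample tarball is built locally so the example runs offline; the function names are mine.

```shell
#!/bin/sh
# Added example (not from rocknsm/rock-dashboards): repack a branch tarball
# into the rock-dashboards_master.tar.gz layout the ROCK setup expects.
# Assumption (mine, from the PR comment): setup reads
# /srv/rocknsm/support/rock-dashboards_master.tar.gz and expects a single
# top-level rock-dashboards-master/ directory inside it.
set -eu

# repack_branch_tarball <branch.tar.gz> <dest_dir>
# Extracts the branch tarball, renames its single top-level directory to
# rock-dashboards-master, writes rock-dashboards_master.tar.gz into dest_dir
# and prints the path of the resulting tarball.
repack_branch_tarball() {
    src="$1"
    dest_dir="$2"
    work="$(mktemp -d)"
    tar -xzf "$src" -C "$work"
    # Refuse to guess if the archive does not contain exactly one top-level directory.
    set -- "$work"/*
    if [ "$#" -ne 1 ] || [ ! -d "$1" ]; then
        echo "expected exactly one top-level directory in $src" >&2
        rm -rf "$work"
        return 1
    fi
    mv "$1" "$work/rock-dashboards-master"
    mkdir -p "$dest_dir"
    out="$dest_dir/rock-dashboards_master.tar.gz"
    tar -czf "$out" -C "$work" rock-dashboards-master
    rm -rf "$work"
    echo "$out"
}

# make_sample_branch_tarball <path>
# Builds a constructed stand-in for the GitHub branch tarball (hypothetical
# content, one saved-object file) so the example runs without network access.
make_sample_branch_tarball() {
    out="$1"
    work="$(mktemp -d)"
    topdir="rock-dashboards-suricata-dashboard-refresh"   # assumed branch tarball name
    mkdir -p "$work/$topdir/dashboards"
    echo '{"type":"dashboard","id":"constructed-sample"}' > "$work/$topdir/dashboards/suricata.json"
    tar -czf "$out" -C "$work" "$topdir"
    rm -rf "$work"
    echo "$out"
}

# tarball_top_dir <tarball>
# Prints the top-level directory name inside a tarball, for verifying the repack.
tarball_top_dir() {
    tar -tzf "$1" | head -n 1 | sed 's,/.*,,'
}

# Usage on the ROCK VM (the real destination is /srv/rocknsm/support/):
#   sample="$(make_sample_branch_tarball /tmp/branch.tar.gz)"
#   repack_branch_tarball "$sample" /srv/rocknsm/support
#   tarball_top_dir /srv/rocknsm/support/rock-dashboards_master.tar.gz
```

The check on the number of top-level entries is the one practitioners most want: if the tarball was extracted and re-zipped by hand it may carry an extra directory level, and the setup would then silently find no dashboards.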