Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Video suggested: elastic agent

Download Elastic Agent on Windows

  • Download the elastic agent from securityOnion to host machine.
 pipx install uploadserver

uploadserver
  • Go to your python server on Edge 10.10.3.2:8000 and download file to windows.
  • Run the executable as administrator.

Firewall config

  • To enable Elastic agent to send logs, please add your subnet to the allowed lists here.
  • elasticsearch_rest - rest API endpoint running on port 9200. (We are directly sends logs to elastic search, skipping logstash)

Pasted_image_20250606125342.png

Pasted_image_20250609142211.png

Verify

  • Go to: Kibana → Analytics → Discover
  • Add agent.name and process.name to Selected Fields

Pasted_image_20250609142704.png

⚠️ Note

Make sure your windows can resolve the SecurityOnion host name. Check with elastic-agent status to view any errors. elastic-agent - should be in C:\Program Files\elastic\agent\ Edit hosts file in windows to include: 10.10.20.100 soc-server. soc-server is your SecurityOnion host name.