2: Installation
1. Boot from the Security Onion ISO or installation disk. When the boot completes, run the installation link on the Desktop.
2. This installation guide continues after the first boot that follows installation of the operating system.
3. Follow the prompts in the screens below, making sure you select your listed interfaces.
4. Choose "No, only configure a management interface." This choice is critical.
5. Default values are acceptable, as the functionality will be disabled in subsequent prompts.
6. Check the non-management interface in the list.
7. Type "yes" at the prompt, then enter the password for the master server user.
8. Reboot the system when the second stage completes.
9. Download the HELK4SO project and unzip it in any directory of your choosing, then cd (change directory) into the HELK4SO folder.
10. Follow the prompts to identify the interfaces and settings for the monitored interface.
11. Allow beats from the monitored subnet or address with the [b] option. This command also accepts CIDR notation, for example 10.0.0.0/24.
12. Once complete, the script prompts for the username used to connect to the master server. This user must be allowed to execute commands with sudo on the master server.
13. In the so-allow prompts, use the [e] option with the IP address of this sensor's management interface.
14. Reboot and enjoy. Please add the index pattern "logs-*" on the master server to start displaying logs.
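Before typing the [b] and [e] values into so-allow, it is worth sanity-checking them, since a typo or an over-wide subnet in the beats allowlist opens the beats port to far more hosts than the monitored segment. The script below is an added example (not HELK4SO or Security Onion code) that validates both values; the /16 limit on how wide the beats allowlist may be is an assumed policy, and 10.0.0.5 is a constructed sensor address.

```shell
# Sanity-check the two values this guide feeds to so-allow: [b] the monitored
# subnet or address that may send beats (e.g. 10.0.0.0/24) and [e] this sensor's
# single management IP. Added example, not HELK4SO or Security Onion code.
# MIN_BEATS_PREFIX is an assumed policy: a beats allowlist wider than this
# exposes the beats port far beyond the monitored subnet and is refused.
MIN_BEATS_PREFIX=16

# valid_ipv4 A.B.C.D -> 0 only for a dotted quad with every octet in 0..255
valid_ipv4() {
  echo "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
  for v_octet in $(echo "$1" | tr '.' ' '); do
    [ "$v_octet" -le 255 ] || return 1
  done
  return 0
}

# check_beats_cidr NET[/PREFIX] -> 0 ok, 1 malformed, 2 valid but too wide
check_beats_cidr() {
  cb_net=${1%/*}
  case $1 in
    */*) cb_prefix=${1#*/} ;;
    *)   cb_prefix=32 ;;            # a bare host address is a /32
  esac
  valid_ipv4 "$cb_net" || return 1
  case $cb_prefix in
    ''|*[!0-9]*) return 1 ;;        # prefix length must be numeric
  esac
  [ "$cb_prefix" -le 32 ] || return 1
  [ "$cb_prefix" -ge "$MIN_BEATS_PREFIX" ] || return 2
  return 0
}

# check_sensor_mgmt_ip ADDR -> 0 only for one host address, never a network
check_sensor_mgmt_ip() {
  case $1 in */*) return 1 ;; esac
  valid_ipv4 "$1"
}

# report BEATS_CIDR SENSOR_IP -> 0 only if both values pass, with a verdict line each
report() {
  check_beats_cidr "$1" && r_b=0 || r_b=$?
  check_sensor_mgmt_ip "$2" && r_e=0 || r_e=$?
  echo "[b] $1: $( [ "$r_b" -eq 0 ] && echo ok || echo "rejected (code $r_b)" )"
  echo "[e] $2: $( [ "$r_e" -eq 0 ] && echo ok || echo rejected )"
  [ "$r_b" -eq 0 ] && [ "$r_e" -eq 0 ]
}

# Constructed sample: the guide's example subnet plus an assumed sensor address.
report 10.0.0.0/24 10.0.0.5
```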