This section walks through the steps to create a visual PDF report from a Security Onion dashboard, one of the top trending reports generated using Skedler. We detail each step along the way to create a professional-quality report.
Log in to Security Onion with your credentials.
You can log in with any user privilege level: Superuser, Analyst, Limited-Analyst, Auditor, and Limited-Auditor.
Log in to ELK - Kibana with admin credentials.
If you are a Security Onion Superuser, you can log in to Kibana using the same credentials, because Security Onion creates an ELK admin account by default.
Connect Security Onion with Skedler
Security Onion uses Kibana for visualization. So, we will use Skedler's integration with Kibana to automate the Security Onion reports.
To connect the Security Onion account with Skedler:
1. Click on 'Datasource' from the left panel.
2. Select 'Create Data Source' from the top right corner of the screen and select 'Kibana'.
3. In the next screen, you can enter the Datasource name, Elasticsearch URL, Kibana URL, and the Kibana Index.
4. Toggle the 'Enable authentication' button to 'YES' and choose Security Onion from the 'Authentication Type' drop-down menu.
5. Enter the Security Onion username and password.
6. Enter the Elasticsearch and Kibana admin credentials.
If you have the same credentials for Elasticsearch and Kibana, check 'Security Onion and ELK credentials are the same'.
7. Under Advanced Options, you can set the Search Limit as high as 10000. You can also adjust the Ping Timeout and Request Timeout.
8. Click 'Save and Test' and you will get a success message confirming the data source connection.
Create Security Onion Reports using Skedler
Once the data source is connected, we can automate the report distribution from a Security Onion dashboard in a few minutes:
1. Click on 'Reports' from the left panel.
2. Select 'Create Report' from the top right corner of the screen and select 'Visual Report'.
3. Choose the ELK account connected with Security Onion under the 'Select Data Source' drop-down list.
4. Choose the required Space from the 'Select Space' drop-down list.
5. Now select the dashboard (Security Onion) and keep the default load time (180). Then, click on ‘Next’ to move on to the report design step.
We recommend using the default 'Load Time for Dashboard'.
Next, choose the Report Type. The Dashboard Snapshot layout replicates your default Kibana dashboard, and the Smart layout allows you to customize the charts inside the report.
The ‘Choose Template’ section includes all the custom templates as well as the default ones provided by Skedler.
After the design page loads, reports can be customized using charts, text elements and auto-generated parameters, graphic elements, and images in all layout types. (Hint: start by assigning a report name.)
Next, to add charts to the report, click on them from the left panel or drag and drop them directly into the report. To add multiple charts at once, you can select them and click on ‘Add charts to reports’. It will automatically populate the report with the selected charts and add pages as required.
Skedler also provides options to reorder pages, delete the current page, add a new blank page, or open the Settings, where you can change page size, orientation, and background color.
You can use this panel at the bottom of the page to add new pages, rearrange them, and duplicate or delete them.
When designing the PDF report, you will not see the actual data from the charts, but a sample mockup of the chart. Actual data will be rendered when the report is generated.
Charts must be saved as visualizations in the Kibana-SOS dashboard to generate PDF reports using Skedler. Skedler does not support ad-hoc charts from the Kibana dashboard. Ad-hoc charts that are not saved as visualizations will be shown as undefined charts in Skedler.
When you drag and drop a chart, it appears at what we call "True Size": the size of the chart in the Kibana SOS dashboard, which is automatically set to work with your dashboard data, so often there is no need to resize. You can also easily move and resize charts.
You can even add text between charts. Feel free to customize the report to your needs. Click Next to schedule your report.
Schedule Security Onion Reports using Skedler
You can schedule the report in a variety of ways, select frequency, and mark holidays.
You'll see a confirmation of the report schedule. You can edit or remove the schedule, or click Next to proceed.
Distribute Security Onion Reports using Skedler
After scheduling your report, the next step is to distribute it. Choose whether you want to create an email notification channel or a Slack notification channel.
Fill in the respective information for the email channel or Slack channel, and click Save in the bottom right corner.
Now in the Distribute section, you will find the notification channel you just created.
On the next screen, you can select which notification channels you want to use to distribute the report and which team members/contacts it will be emailed to. You can customize who receives the report, as well as the subject and message that accompany it.
Lastly, click the Save button in the top right corner to finish creating your visual report.
After the report is created, you can download it by clicking on the PDF icon. When you click it for the first time, it will automatically generate the report and download it to your computer. Subsequently, click on the Generate Now icon or choose Generate Now from the … drop-down menu to regenerate the report.