VulnWhisperer
Dashboards not working - Fielddata is disabled
Hello VulnWhisperers, I'm having trouble importing kibana.json to generate the graphics.
I've tried more than 5 times, importing new logs and in different ways, but I always get the same problem.
I'm able to download the Nessus scan, convert it to CSV, and import it to Kibana, but only when I import kibana.json do I get this message.
I'm using ELK version 7.3 on Ubuntu 16.04. If you guys need more information, please tell me.
Does anyone know if there is a workaround to this issue? I'm currently experiencing the same issue within Kibana (I'm running CentOS 7 w/ docker vulnwhisperer). If no workaround, any insight on when it'll be resolved? I would like to see vulnwhisperer up & running completely in my environment.
Error Message:
Thanks in advance!
Looks to be an issue with mapping.
Have a look at your index mapping, you will likely see something along the lines of:

    "plugin_name": {
      "type": "text",
      "fields": {
        "keyword": {
          "type": "keyword"
        }
      }
    }

It looks like this should be:

    "plugin_name": {
      "type": "keyword"
    }

Have a google around, there are some pretty good materials on index mapping. You can also have a read through a thread I had with someone on the elastic slack on how to update your index settings.
ps: Not sure if this is an issue with vulnwhisperer or not, this is just a potential fix
Had a quick read through the index templates provided by VulnWhisperer. The ELK7-compatible one should be correct. Did you use this one?
@SHolzhauer thanks for the info that’s exactly my problem. I’m new to ELK & not sure how to update the index to use the ELK7 vulnwhisperer json file. I’ll keep looking/ searching, any additional info / steps are greatly appreciated.
Have a look at the thread I linked, I basically go through it step by step. Read it before you do it ;)
@SHolzhauer I read through the Slack channel post that you referenced and started going through it today & ran into the following error with step 1:
curl --user
Any insight? Is there an easier way to accomplish this? I really need to get this up & running to see if it's going to work for us or not. Thanks again for the assistance.
@SHolzhauer - command should read: curl --user username --location -k --request PUT 'https://hostname:9200/logstash-vulnwhisperer-2020.01/_settings' --header 'Content-Type: application/json' -d '{ "settings": { "index.blocks.write": "true" } }'
Depends on your cluster, if this is your command then you don't need to authenticate in order to index events ;)
@SHolzhauer I'm having the same issue but the links no longer work. Do you still have the instructions by chance?
Have a read through the Elastic docs on index templates and mappings. The issue is that Elasticsearch is dynamically interpreting the data being ingested by VulnWhisperer, and interprets it differently from how it is used by the visualizations.
To solve this you should, before sending data, set up an index template with the correct mapping as provided.
The Elastic docs should guide you through it.
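
An offline check for the cause discussed in this thread, added here as an example (it is not VulnWhisperer's code and not the index template the project ships). It walks a `GET <index>/_mapping` response, reports which aggregated fields are mapped as `text` (the condition that produces "Fielddata is disabled"), and builds a legacy ES 7.x template body mapping them as `keyword`. The sample mapping, the field names other than `plugin_name`, the list of aggregated fields and the `logstash-vulnwhisperer-*` pattern are assumptions.

```python
import json

# Constructed sample of a GET <index>/_mapping response (ES 7.x, typeless),
# as dynamic mapping would create it. Fields besides plugin_name are assumed.
SAMPLE_MAPPING = json.loads("""
{"logstash-vulnwhisperer-2020.01": {"mappings": {"properties": {
  "plugin_name": {"type": "text",
                  "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
  "risk": {"type": "keyword"},
  "host": {"properties": {"name": {"type": "text"}}}
}}}}
""")

def flatten(properties, prefix=""):
    """Yield (dotted_field_name, definition) for every leaf field."""
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into sub-fields
            yield from flatten(spec["properties"], path + ".")
        else:
            yield path, spec

def fielddata_offenders(mapping_response, aggregated_fields):
    """Per index, list aggregated fields that are mapped as text."""
    offenders = {}
    for index, body in mapping_response.items():
        fields = dict(flatten(body["mappings"].get("properties", {})))
        bad = sorted(f for f in aggregated_fields
                     if fields.get(f, {}).get("type") == "text")
        if bad:
            offenders[index] = bad
    return offenders

def keyword_template(pattern, fields):
    """Build a legacy (_template) body mapping the given fields as keyword."""
    props = {}
    for f in fields:
        node = props
        *parents, leaf = f.split(".")
        for p in parents:  # create nested object levels for dotted names
            node = node.setdefault(p, {"properties": {}})["properties"]
        node[leaf] = {"type": "keyword"}
    return {"index_patterns": [pattern], "mappings": {"properties": props}}

if __name__ == "__main__":
    bad = fielddata_offenders(SAMPLE_MAPPING, ["plugin_name", "risk", "host.name"])
    print(bad)
    print(json.dumps(keyword_template("logstash-vulnwhisperer-*",
                                      bad["logstash-vulnwhisperer-2020.01"]), indent=2))
```

A template only affects indices created after it is loaded, so an index that already has the `text` mapping has to be recreated or reindexed to pick it up.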