ELSA Web Services API
79 views
Skip to first unread message
adam.k...@verodin.com
Aug 22, 2018, 6:09:52 AM8/22/18
to security-onion
Hello,
I know ELSA is EOL in October, however I am stuck using it for a while trying to support a legacy environment before it can be upgraded to the newer ELK based SO.
I have a new install of SO 14.04.5.10, I've configured my interfaces through the setup script and run setup again. I have chosen "eval" mode since I'm on a standalone VM for my current dev work.
I'm trying to hit the ELSA web api and it's going poorly... I found one message in this group from 2015 saying to hit the IP:3154/API/query?q=whatever. I added the rule through ufw for 3154 and set allow for https (I can hit elsa's main page through https://ip/elsa), however I think the paths have changed. When I try to hit https://ip:3154/API/query I get an ssl protocol error. When I try to hit https://ip:3154/elsa/API/query I get the same thing. If I try without 3154, and instead use normal 443 I get 404 errors for /elsa/API/query and /API/query.
If anyone has any idea what the paths would be now, or how to add the required routes that'd be great. Also, if I'm way off base, that would be good to know too.
Thanks!
--
This message is for the designated and authorized recipient only and
may contain privileged, proprietary, confidential or otherwise private
information relating to Verodin, Inc. and is the sole property of Verodin,
Inc. Any views or opinions expressed are solely those of the author and do
not necessarily represent those of Verodin, Inc. If you have received this
message in error, or if you are not authorized to receive it, please notify
the sender immediately and delete the original message and any attachments
from your system immediately. If you are not a designated or authorized
recipient, any other use or retention of this message or its contents is
prohibited.
I know ELSA is EOL in October, however I am stuck using it for a while trying to support a legacy environment before it can be upgraded to the newer ELK based SO.
I have a new install of SO 14.04.5.10, I've configured my interfaces through the setup script and run setup again. I have chosen "eval" mode since I'm on a standalone VM for my current dev work.
I'm trying to hit the ELSA web api and it's going poorly... I found one message in this group from 2015 saying to hit the IP:3154/API/query?q=whatever. I added the rule through ufw for 3154 and set allow for https (I can hit elsa's main page through https://ip/elsa), however I think the paths have changed. When I try to hit https://ip:3154/API/query I get an ssl protocol error. When I try to hit https://ip:3154/elsa/API/query I get the same thing. If I try without 3154, and instead use normal 443 I get 404 errors for /elsa/API/query and /API/query.
If anyone has any idea what the paths would be now, or how to add the required routes that'd be great. Also, if I'm way off base, that would be good to know too.
Thanks!
--
This message is for the designated and authorized recipient only and
may contain privileged, proprietary, confidential or otherwise private
information relating to Verodin, Inc. and is the sole property of Verodin,
Inc. Any views or opinions expressed are solely those of the author and do
not necessarily represent those of Verodin, Inc. If you have received this
message in error, or if you are not authorized to receive it, please notify
the sender immediately and delete the original message and any attachments
from your system immediately. If you are not a designated or authorized
recipient, any other use or retention of this message or its contents is
prohibited.
Wes Lambert
Aug 23, 2018, 7:40:41 AM8/23/18
to securit...@googlegroups.com
Are you using an API key with your request?
Thanks,
Wes
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
adam.k...@verodin.com
Aug 23, 2018, 9:28:46 AM8/23/18
to security-onion
Hey Wes,
I'm not - at this point I was just trying to figure out which URI to hit. As it looks like previous builds of SO didn't include "/elsa" in the URI.
As far as I know adding the api key wouldn't fix the 404 or the SSL protocol error. Would love to be wrong though.
adam.k...@verodin.com
Aug 23, 2018, 9:43:04 AM8/23/18
to security-onion
Actually, I forgot, I did try it with an API key as well. Same results.
Doug Burks
Sep 1, 2018, 8:02:00 AM9/1/18
to securit...@googlegroups.com
Hi Adam,
Have you tried https://ip/elsa-query/API/query?
--
This message is for the designated and authorized recipient only and
may contain privileged, proprietary, confidential or otherwise private
information relating to Verodin, Inc. and is the sole property of Verodin,
Inc. Any views or opinions expressed are solely those of the author and do
not necessarily represent those of Verodin, Inc. If you have received this
message in error, or if you are not authorized to receive it, please notify
the sender immediately and delete the original message and any attachments
from your system immediately. If you are not a designated or authorized
recipient, any other use or retention of this message or its contents is
prohibited.
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Doug Burks
CEO
Security Onion Solutions, LLC
CEO
Security Onion Solutions, LLC
Reply all
Reply to author
Forward
0 new messages