Using the Kibana Plugin

You must have Root scope to use this feature.

The Kibana plugin lets you analyze the Stellar Cyber data lake using Kibana without leaving Stellar Cyber. You do not need to log in to Kibana.

You can damage the Stellar Cyber data structure using these tools. Use caution. Commands that alter data should only be used by advanced users.

The Kibana application is displayed as an embedded window.

See the Kibana User Guide for full documentation of this tool.

Performing Searches for Index Patterns in Kibana

When you enter index patterns to retrieve data from Stellar Cyber using Elasticsearch, you must use the following format:

aella-<index_type>-*

The index_type corresponds to one of the following Stellar Cyber indices:

  • Alerts: aella-ser-*

  • Assets: aella-assets-*

  • AWS Events: aella-cloudtrail-*

  • DP Monitoring: aella-dp-monitor-*

  • IDPS/Malware Sandbox Events: aella-maltrace-*

  • Linux Events: aella-audit-*

  • Scans: aella-scan-*

  • Sensor Monitoring: aella-ade-*

  • Signals: aella-signals-*

  • Syslog: aella-syslog-*

  • Traffic: aella-adr-*

  • Users: aella-users-*

  • Windows: aella-wineventlog-*

Sample Searches

Here is a sample search on an aella-wineventlog-* index: