Hello everyone,
I'm setting up a lab with Security Onion and I'm configuring Auditbeat in an Ubuntu Desktop instance. When I run "auditbeat setup" I get the next error:
Looking for the Kibana logs in the SO machine I get this:
"Incorrect HTTP method for uri [/_ml/anomaly_detectors] and method [GET], allowed: [POST]", "status": 405}"
I was trying multiple solutions but none of them works for me. Here you can check my auditbeat.yml file
Kibana
#Starting with Beats version 6.0.0, the dashboards are loaded via t>
#This requires a Kibana endpoint configuration.
setup.kibana:
host: "192.168. 30. 10:5601"
#Kibana Host
#Scheme and port can be left out and will be set to the default
#In case you specify and additional path, the scheme is required:>
#IPv6 addresses should always be defined as: https://[2001:db8 :: 1>
#host: "localhost: 5601"
#Kibana Space ID
#ID of the Kibana Space into which the dashboards should be loade>
#the Default Space will be used.
#space.id:
Elasticsearch output
output.elasticsearch:
#Array of hosts to connect to.
hosts: ["192.168.30.10:9200"]
#Enabled ilm (beta) to use index lifecycle management instead dai>
#ilm.enabled: false
#Optional protocol and basic auth credentials.
protocol: "https"
ssl.verification_mode: none
username: "XXXX"
password: "XXXX"
Kibana is accessible from the browser and all the services are working correctly in SO server.
Thank you all for you help.