  • Post category:Blog
  • Post last modified:June 12, 2024

Which tool included in the Security Onion is a series of software plugins that send different types of data to the Elasticsearch data stores?

  • OSSEC
  • Curator
  • Beats
  • ElastAlert
Explanation & Hint:

The tool included in Security Onion that acts as a series of software plugins to send different types of data to Elasticsearch data stores is Beats.

Beats are lightweight, single-purpose data shippers installed on the hosts that generate the data. Each Beat collects one kind of operational data and forwards it, either directly to Elasticsearch or via Logstash: Filebeat ships log files, Packetbeat ships network transaction data, Metricbeat ships system and service metrics, and so on. In Security Onion the data shipper has traditionally been Filebeat, which forwards Zeek, Suricata and host logs to Logstash for indexing into Elasticsearch; Security Onion 2.4 replaced Filebeat with Elastic Agent, but for the CyberOps Associate exam the expected answer remains Beats.
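As an added example (not from the original page or from the Security Onion project), the following Filebeat configuration shows what "a plugin that ships data to Elasticsearch" looks like in practice: one input that tails Suricata's EVE JSON log and an output that writes to Elasticsearch over TLS with a least-privilege account. The host name, paths, index name and credentials are assumptions for illustration.

```yaml
# filebeat.yml (illustrative; paths, hosts and account names are assumed)

filebeat.inputs:
  - type: filestream
    id: suricata-eve
    paths:
      - /nsm/suricata/eve.json        # assumed location of Suricata's EVE log
    parsers:
      - ndjson:
          target: ""                  # promote the JSON keys to top level
          add_error_key: true         # keep malformed lines, flagged, rather than dropping them
    fields:
      sensor: sensor01                # assumed sensor name, added to every event
    fields_under_root: true

processors:
  - add_host_metadata: ~              # host.name, host.ip, OS details
  - drop_fields:
      fields: ["agent.ephemeral_id"]  # noise not worth indexing
      ignore_missing: true

output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]   # assumed Elasticsearch endpoint
  username: "filebeat_writer"         # assumed role: create_doc/auto_configure on its own index only
  password: "${ES_PASS}"              # read from the environment, never written in the file
  index: "so-suricata-%{+yyyy.MM.dd}"
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
  # Weak setting to avoid: ssl.verification_mode: none
  # That disables server certificate checks and lets anyone on the path
  # impersonate Elasticsearch and swallow or alter the security telemetry.
```

Two points matter for a security deployment: the writer account should have only the index privileges it needs (a compromised sensor must not be able to read or delete the SOC's data), and certificate verification must stay on, since the shipper is the link that everything downstream (dashboards, alerting, investigations) trusts.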

  1. OSSEC: Open Source HIDS SECurity, an open-source Host-based Intrusion Detection System (HIDS). It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It does not ship data to Elasticsearch itself; its alerts reach Elasticsearch only when a shipper picks up its alert log. It is a producer of security events about the individual host, not a transport for them.
  2. Curator: Elasticsearch Curator manages Elasticsearch indices and snapshots by automating maintenance tasks such as closing, deleting or snapshotting indices that match an age or size policy. Curator talks to Elasticsearch but does not ship data into it; it manages data that is already there. In newer Elastic Stack versions this role is largely taken over by Elasticsearch's built-in Index Lifecycle Management (ILM).
  3. Beats: the correct answer. Beats is a collection of open-source data shippers installed as agents on servers and sensors to send various types of operational data to Elasticsearch. Each Beat is purpose-built for one kind of data: Filebeat for log files, Metricbeat for metrics, Packetbeat for network data, and so on.
  4. ElastAlert: an alerting tool that works with Elasticsearch (the maintained fork is ElastAlert 2). It runs rules against indexed data and triggers alerts when a rule's condition is met, such as a frequency threshold, a spike relative to a baseline, a new value for a field, or a match against a blacklist or whitelist. ElastAlert does not ship data to Elasticsearch; it is a consumer of the data already stored there, querying it and sending notifications when its configured rules fire.
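To make the distinction between a shipper and a consumer concrete, here is an added ElastAlert rule (example configuration, not from the original page or the Security Onion project). It does not write any event data; it queries an existing index and raises an alert when one source address triggers many high-severity Suricata alerts in a short window. The index pattern, field names and recipient address are assumptions.

```yaml
# rules/suricata_burst.yaml (illustrative; index pattern and field names are assumed)

name: "Suricata: burst of high-severity alerts from one source"
type: frequency                 # fire when num_events occur within timeframe
index: "so-suricata-*"          # assumed index pattern written by the shipper
num_events: 20
timeframe:
  minutes: 5
query_key: source.ip            # count per source address, not globally
filter:
  - query:
      query_string:
        query: 'event.dataset:"suricata.alert" AND event.severity:1'
realert:
  minutes: 30                   # suppress repeat alerts for the same source.ip
alert:
  - "email"
email:
  - "soc@example.internal"      # assumed SOC mailbox
```

The rule reads the index that Filebeat (or another shipper) populated; if nothing is shipping events, ElastAlert has nothing to evaluate, which is exactly why it is not the answer to the question above. The `query_key` and `realert` settings are what keep a noisy scanner from turning one burst into hundreds of identical notifications.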

Each of these tools serves a different function in the security monitoring pipeline: OSSEC produces host-level events, Beats ships data into Elasticsearch, Curator manages the indices once they exist, and ElastAlert consumes the indexed data to raise alerts. Used together they cover collection, storage, retention and alerting.

For more Questions and Answers:

CyberOps Associate 1.0 & CA 1.02 Final Exam Answers Full 100%
