filebeat boilerplate code
Start date: May 24, 2021 (2 months)
- Alerts for tweets that mention you
- Save the OAR's national security scheme (Esquema Nacional de Seguridad)/
Monitor existing services:
- Web Server (jBoss, Apache, nginx...)
- Monitor email
Monitor security services that might be installed later:
- Zeek
- pfSense
- OSSEC
- Yara 4 OSSEC
- Modular
- Built in under 300 hours
Based on this guide
```bash
sudo apt-get install openjdk-8-jdk
sudo apt-get install nginx
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update
sudo apt-get install elasticsearch
sudo vi /etc/elasticsearch/elasticsearch.yml
```
```yaml
...
network.host: localhost
http.port: 9200
discovery.type: single-node
...
```
```bash
sudo vi /etc/elasticsearch/jvm.options
# Find the lines starting with -Xms and -Xmx. In the example below, the maximum (-Xmx) and minimum (-Xms) size is set to 512MB.
sudo systemctl start elasticsearch.service
```
The service runs on localhost:9200
```bash
sudo apt-get install kibana
sudo vi /etc/kibana/kibana.yml
```
```yaml
...
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]
...
```
```bash
sudo systemctl start kibana
```
The service runs on localhost:5601
```bash
sudo apt-get install logstash
sudo systemctl start logstash
sudo systemctl enable logstash
sudo systemctl status logstash
```
Logstash is a highly customizable part of the ELK stack. Once installed, configure its INPUT, FILTERS, and OUTPUT pipelines according to your own individual use case.
All custom Logstash configuration files are stored in /etc/logstash/conf.d/.
https://www.elastic.co/guide/en/logstash/7.0/config-examples.html
```bash
sudo apt-get install filebeat
sudo vi /etc/filebeat/filebeat.yml
```
Keep commented:
```yaml
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
```
Uncomment:
```yaml
output.logstash:
  hosts: ["localhost:5044"]
```
Enable the Filebeat system module, which will examine local system logs:
```bash
sudo filebeat modules enable system
sudo filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
sudo systemctl start filebeat
sudo systemctl enable filebeat
curl -XGET http://localhost:9200/_cat/indices?v
```
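A Logstash pipeline for the Filebeat -> Logstash (5044) -> Elasticsearch (9200) path configured above, added here as an example and not taken from the guide. It assumes the file name /etc/logstash/conf.d/10-beats.conf and that the system module's ingest pipelines have been loaded into Elasticsearch (`filebeat setup --pipelines`), since events from Filebeat modules are parsed by those pipelines rather than by Logstash filters.

```logstash
# /etc/logstash/conf.d/10-beats.conf  (assumed file name; added example)
# Receives events from Filebeat (output.logstash hosts: localhost:5044)
# and forwards them to Elasticsearch on localhost:9200.

input {
  beats {
    port => 5044
    # Filebeat runs on the same host in this setup, so bind the Beats
    # listener to loopback only instead of the default 0.0.0.0.
    host => "127.0.0.1"
  }
}

filter {
  # Events produced by a Filebeat module (e.g. system) carry the name of
  # the Elasticsearch ingest pipeline that parses them in [@metadata][pipeline].
  # Tag events that arrive without one so unparsed data is easy to find in Kibana.
  if ![@metadata][pipeline] {
    mutate { add_tag => [ "no_ingest_pipeline" ] }
  }
}

output {
  # Keep the index name that Filebeat's own template expects
  # (e.g. filebeat-7.12.1-2021.05.24, version value is illustrative), so the
  # mappings loaded by `filebeat setup --index-management` apply to the data.
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      # Hand the event to the module's ingest pipeline for parsing.
      pipeline => "%{[@metadata][pipeline]}"
    }
  } else {
    # No pipeline field: referencing it above would leave the literal
    # "%{[@metadata][pipeline]}" unresolved, so index these events directly.
    elasticsearch {
      hosts => ["http://localhost:9200"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  }
}
```

After `sudo systemctl restart logstash`, the `curl .../_cat/indices?v` check above should list a `filebeat-*` index once the system module has shipped its first events.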
Clone this repo and run the cluster with Docker:
```bash
git clone https://github.com/deviantony/docker-elk
cd docker-elk
docker-compose up
```
The stack is pre-configured with the following privileged bootstrap user: user: elastic password: changeme
- 5044: Logstash Beats input
- 5000: Logstash TCP input
- 9600: Logstash monitoring API
- 9200: Elasticsearch HTTP
- 9300: Elasticsearch TCP transport
- 5601: Kibana
- Find a name
- In Spanish
- Create any chart in Kibana
- Import any data stream
- Create filters
- Create alarms
- List/customize Beats for ingesting data that does not exist yet
- Project end date
- Date to start selling
- Elasticsearch
- Kibana
- Logstash
- Filebeat
- Metricbeat
- Packetbeat: Network data
- Heartbeat
- Auditbeat
- Yara
- pfSense
- Zeek
- Step #1: Collect data from various sources.
- Step #2: Normalize and aggregate collected data.
- Step #3: Analyze the data to discover and detect threats.
- Step #4: Pinpoint security breaches and enable organizations to investigate alerts.
- https://github.com/patrickjennings/logstash-pfsense
- https://www.docker.elastic.co/
- https://www.elastic.co/siem
- https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-installation-configuration.html
- [HELM](https://www.aplyca.com/es/blog/helm-gestor-kubernetes#:~:text=Helm%20(del%20t%C3%A9rmino%20mar%C3%ADtimo%20de,para%20gestionar%20aplicaciones%20de%20Kubernetes.&text=La%20principal%20funci%C3%B3n%20de%20Helm,y%20la%20comunidad%20de%20Helm)