- Copy both files from the gist (the files below, named .env and docker-compose.yml) into a directory and enter that directory
- Edit the .env with the credential options
- To use it without the trial, change LICENSE in the .env to basic:
LICENSE=basic
- Starting the environment
- Run docker-compose up -d
- Run docker-compose logs -f kibana
- Wait until Kibana stops printing messages for more than 30 seconds (this means it has finished loading)
Vagrant.configure("2") do |config|
  config.vm.define "laboratorio" do |laboratorio|
    # ======= VIRTUALBOX OPTIONS =======
    # DEBIAN BASE BOX
    laboratorio.vm.box = "debian/bookworm64"
    # VM HOSTNAME
    laboratorio.vm.hostname = "grafana-debian"
    # VM NETWORK
  end
end
#!/bin/bash
# SET THE CREDENTIALS AND CUSTOMIZATIONS HERE
export OPENCTI_BASE_URL="http://localhost:8080"
export OPENCTI_ADMIN_EMAIL="admin@opencti.io"
export OPENCTI_ADMIN_PASSWORD="ChangeMePlease"
export RABBITMQ_DEFAULT_USER="guest"
export RABBITMQ_DEFAULT_PASS="guest"
export SMTP_HOSTNAME="localhost"
export ELASTIC_MEMORY_SIZE="4G"
#!/bin/bash
DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}
echo "######################################################################"
echo " INSTALACAO DO ZABBIX "
echo " SISTEMA OPERACIONAL UBUNTU "
echo "######################################################################"
echo " FONTE DO SCRIPT: "
echo " https://github.com/isaqueprofeta/zabbix-pipe2bash/ "
#!/bin/bash
# Path to the ISO image and the target block device (shell assignments take no spaces around "=")
PATHTOISO=$1
DISKTOWRITE=$2
# Write the image to the device and flush data before returning
dd bs=4M if="$PATHTOISO" of="$DISKTOWRITE" conv=fdatasync
ATTENTION, THIS GIST ISN'T FREQUENTLY UPDATED
MAIN SOURCE: https://github.com/isaqueprofeta/cybersec-path
- Jose Bravo - What is a SIEM? (5 Vídeos): https://www.youtube.com/watch?v=MtqFMe4zSpQ&list=PLHh9jhztlMyp8lyKXt9orVM57ygW_ihPS
- IPPSec - PowerSIEM Analyzing Sysmon Events with PowerShell: https://www.youtube.com/watch?v=MvfhIydxFmw
-
Where? https://t.me/ZabbixTech
-
Question: Hi team...is there any query where we can get the count of alarms raised per day?
-
Answer: Since version 6.0 you can create an API key and then do a JavaScript Script Item to check the information from the Zabbix API using the time_from and time_till parameters to filter the day before. Didn't test it, just prototyped the idea below, and before trying the code, remember to add the "url" and "apikey" to the item Parameters (and please use a macro with vault for your apikey); in this case I'd configure the item interval as a scheduled one to run every day at 1 or 2 AM:
TL;DR: Ingestion and updating of the data worked successfully; the PoC stopped at the point where Logstash for OpenSearch turned out not to be attractive, because it lacks the features (research shows such Logstash plugins exist for the proprietary Elasticsearch edition) to compute, in new fields during the update step, the duration of the events in order to make building presentation dashboards easier. The conclusion is that a Python script in place of Logstash would be a better fit for running "update by query" functions.
- Logstash to process the data coming from triggers via Zabbix real-time export
- OpenSearch for storage and search
- OpenSearch Dashboards for data analysis and dashboards
#!/bin/bash
DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}
echo "######################################################################"
echo " INSTALACAO DO ZABBIX "
echo " SISTEMAS OPERACIONAIS RHEL-LIKE ROCKY/ALMA LINUX "
echo "######################################################################"
echo " FONTE DO SCRIPT: "
echo " https://github.com/isaqueprofeta/zabbix-pipe2bash "
#!/bin/bash
DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}
echo "######################################################################"
echo " INSTALACAO DO ZABBIX "
echo " SISTEMA OPERACIONAL DEBIAN "
echo "######################################################################"
echo " FONTE DO SCRIPT: "
echo " https://github.com/isaqueprofeta/zabbix-pipe2bash "