Repo Template: elasticsearch, logstash, kibana
Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities (such as incident management, dashboards and reporting).
This is the centralised log server and log management web interface. It is composed of Elasticsearch, Logstash, and Kibana, collectively known as ELK. The base configuration will be equivalent to the ELK stack image from https://github.com/spujadas/elk-docker using one of the following options.
OpenTelemetry defines three flavors of telemetry: distributed traces, metrics, and logs. The second component of this template is the host-local implementation of "instrumentation and observability" for infrastructure. This is either a software agent (Filebeat for log files, Winlogbeat for Windows event logs) or a configuration that forwards events to the server; in this template, the Beats ship to the Logstash Beats input on port 5044 of the ELK server.
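As an added example (not configuration from this repo or from the spujadas image), here are minimal Beats configurations for the two forwarders named above. The hostname `elk-server`, the certificate path, the `source_role` field and the list of Windows event IDs are assumptions chosen for illustration; the event IDs are a starting point for authentication and account-management monitoring, not a complete detection baseline.

```yaml
# winlogbeat.yml  (Windows host; assumed file name and values, example only)
winlogbeat.event_logs:
  - name: Security
    # Comma-separated list; Winlogbeat also accepts ranges (4720-4740) and
    # exclusions (-4689). Keep the list tight: the Security channel is noisy.
    event_id: 4624, 4625, 4648, 4672, 4688, 4720, 4732, 4756, 1102
    ignore_older: 72h        # do not backfill more than 3 days on first start
  - name: System
  - name: Application

fields:
  source_role: windows-host  # assumed custom field, lets Kibana filter by host role
fields_under_root: true

output.logstash:
  hosts: ["elk-server:5044"]  # assumed hostname; Logstash Beats input
  # Assumed path. Use the CA/server certificate that the Logstash Beats input
  # presents; shipping without TLS lets anyone on the path read or inject logs.
  ssl.certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-beats.crt"]

---
# filebeat.yml  (Linux host; assumed file name and values, example only)
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/auth.log     # sshd, sudo, PAM: the security-relevant Linux logs
      - /var/log/syslog
    fields:
      source_role: linux-host # assumed custom field
    fields_under_root: true

output.logstash:
  hosts: ["elk-server:5044"]  # assumed hostname; same Logstash Beats input
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-beats.crt"]  # assumed path
```

Run the agent as a service with a non-privileged account where the platform allows it, and validate the configuration before starting (`winlogbeat test config` / `filebeat test config`, then `... test output` to confirm the TLS handshake to port 5044 succeeds).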
Point your browser to http://<your-elk-server-ip-here>:5601 to reach Kibana. The ELK image also exposes Elasticsearch on 9200 and the Logstash Beats input on 5044; restrict 5601 and 9200 to your administration network with a firewall, and expose 5044 only to the hosts that run Beats, since none of these ports require authentication unless you enable it.
Item | Reference |
---|---|
Elasticsearch | https://github.com/elastic/elasticsearch |
Logstash | https://github.com/elastic/logstash |
Kibana | https://github.com/elastic/kibana |
Filebeat and Winlogbeat | https://www.elastic.co/downloads/beats/ |
Microsoft Security Events | https://www.microsoft.com/en-us/download/details.aspx?id=50034 and https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx |
Docker | https://www.docker.com/ and https://github.com/phusion/baseimage-docker |
Ubuntu | https://ubuntu.com/download/server |
This project is released under the MIT License.