
A curated toolkit and knowledge base for SIEM using Elasticsearch, Kibana, and Zeek. Dive into log analysis and anomaly detection for SOC and SIEM practices.


0xsynix/SIEM-With-ELK


⚠️ Important Notice:

This repository is no longer actively maintained and may contain outdated versions and configurations. While the provided documentation and configuration files may still serve as valuable references, it is recommended to verify compatibility with the latest versions of Elasticsearch, Kibana, Beats modules, and Zeek before proceeding with any implementations.

SIEM With ELK

This repository contains configurations and guides for setting up Elasticsearch, Kibana, Beats modules, Zeek, and automated installation scripts.

Table of Contents

Introduction

Welcome to our comprehensive repository designed to streamline the setup and configuration of Elasticsearch, Kibana, Beats modules, and Zeek, along with an automated installation script for seamless deployment.

Managing and analyzing large volumes of data efficiently is crucial for modern businesses and organizations. Elasticsearch and Kibana serve as powerful tools for storing, searching, and visualizing this data, while Beats modules enable the collection of various types of operational data. Additionally, Zeek (formerly known as Bro) provides network security monitoring capabilities, enhancing overall system security.

This project aims to simplify the deployment and configuration process for these essential components by providing clear documentation, configuration files, and an automated installation script. Whether you're setting up a new environment or optimizing an existing one, our repository offers a step-by-step guide and pre-configured files to accelerate your workflow.

Through detailed explanations, best practices, and customizable options such as custom index configurations and minimal security settings, we strive to empower users to tailor their setups according to their specific needs. Additionally, our automated installation script eliminates manual installation steps, reducing the time and effort required to get your environment up and running.

Installation

Step-by-step guide on how to install the required components.

  1. Install Elasticsearch
  2. Install Kibana
  3. Install Beats
  4. Install Zeek

Configuration

Elasticsearch

Explanation of Elasticsearch configuration and its setup.

Kibana

Explanation of Kibana configuration and its setup.

Beats Modules

Explanation of Beats modules configuration.

  • Filebeat - Explanation of Filebeat configurations.
  • Metricbeat - Explanation of Metricbeat configurations.
  • Packetbeat - Explanation of Packetbeat configurations.
  • Auditbeat - Explanation of Auditbeat configurations.
  • Winlogbeat - Explanation of Winlogbeat configurations.
  • Heartbeat - Explanation of Heartbeat configurations.

Custom Index Configuration

Explanation of setting up a custom index in Elasticsearch.

Minimal Security

Guide on configuring minimal security measures.

Zeek

Explanation of Zeek configuration.

  • zeek - Zeek configuration files and explanations.

Automated Installation Script

An automated shell script for installing and managing the services of all components.
