Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/StamusNetworks/KTS5

Kibana 5 Templates for Suricata IDPS
https://github.com/StamusNetworks/KTS5

Last synced: about 2 months ago
JSON representation

Kibana 5 Templates for Suricata IDPS

Host: GitHub
URL: https://github.com/StamusNetworks/KTS5
Owner: StamusNetworks
License: gpl-3.0
Created: 2017-04-07T15:26:58.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2018-05-30T07:19:14.000Z (over 6 years ago)
Last Synced: 2024-04-15T02:10:11.378Z (5 months ago)
Language: Python
Size: 105 KB
Stars: 43
Watchers: 17
Forks: 15
Open Issues: 4
Metadata Files:
- Readme: README.rst
- License: LICENSE

Awesome Lists containing this project

awesome-suricata - KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting. (Dashboards and Templates)

README

        ===============================

Kibana 5 Templates for Suricata

===============================

Templates/Dashboards for Kibana 5 to use with Suricata IDPS and the ELK stack

This repository provides 13 templates for the Kibana 5.x and Elasticsearch 5.x

for use with Suricata IDS/IPS - Intrusion Detection and Prevention System.

These dashboards are for use with Suricata and ELK - Elasticsearch, Logstash, 

Kibana and comprise of more than 140 visualizations and 11 searches.

The dashboards are:

 - ALL  

 - ALERTS 

 - DNS  

 - FILE Transactions  

 - FLOW  

 - HTTP  

 - IDS

 - OVERVIEW

 - SMTP

 - SSH  

 - TLS

 - VLAN

 - STATS

How to use

==========

::

     apt-get install git-core

     git clone https://github.com/StamusNetworks/KTS5.git

     cd KTS5

     

Load the dashboards: ::

 ./load.sh

If this is a clean elasticsearch 5.x installation (aka not an upgrade from 2.x to 5.x) you need to: ::

 find /path/to/KTS5/dashboards/ -type f -exec sed -i -e 's/.raw/.keyword/g' {} ;

 

You would need to select ``logstash-*`` as a default index once you open any dashboard for the first time after initial load/import.

For optimal results an example of elasticsearch template has been included under `es-template\elasticsearch5-template.json` that is used in SELKS 4.

**NOTE:**  

This may delete any custom dashboards you already have in place. 

**NOTE:**  

In order to use the full HTTP logging dashboard template you need to set up Suricata as

explained here - http://www.pevma.blogspot.se/2014/06/http-header-fields-extended-logging.html  

**NOTE:**  

If the traffic you are inspecting contains vlans - in order to use the VLAN template, make sure you have enabled vlan tracking in ``suricata.yaml`` -

     vlan:

       use-for-tracking: true

**NOTE:**  

For best user experience use with 1680 x 1050 screen resolution!!  

Do not hesitate to test,feedback and contribute !