Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/StamusNetworks/KTS7
Kibana 7 Templates for Suricata IDPS Threat Hunting
https://github.com/StamusNetworks/KTS7
Last synced: about 2 months ago
JSON representation
Kibana 7 Templates for Suricata IDPS Threat Hunting
- Host: GitHub
- URL: https://github.com/StamusNetworks/KTS7
- Owner: StamusNetworks
- License: gpl-3.0
- Created: 2020-04-09T11:41:03.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-11-04T08:49:44.000Z (almost 2 years ago)
- Last Synced: 2024-04-15T02:10:12.265Z (5 months ago)
- Size: 1.09 MB
- Stars: 32
- Watchers: 8
- Forks: 9
- Open Issues: 4
-
Metadata Files:
- Readme: README.rst
- License: LICENSE
Awesome Lists containing this project
- awesome-suricata - KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting. (Dashboards and Templates)
README
===============================
Kibana 7 Templates for Suricata
===============================
Templates/Dashboards for Kibana 7 to use with `Suricata
`_. Suricata IDPS/NSM threat hunting and the ELK 7 stack
This repository provides 28 dashboards for the Kibana 7.x and Elasticsearch 7.x
for use with Suricata IDS/IPS/NSM - Intrusion Detection, Intrusion Prevention and Network Security Monitoring system.
Those dashboards are already included by default in the `SELKS `_ distribution.
These dashboards are for use with Suricata 6+ and enabled Rust build, Elasticsearch, Logstash,
Kibana 7 and comprise of more than 400 visualizations and 24 predefined searches.
The dashboards are:
- SN-ALERTS
- SN-ALL
- SN-ANOMALY
- SN-DHCP
- SN-DNS
- SN-DNP3
- SN-FILE-Transactions
- SN-FLOW
- SN-HTTP
- SN-HUNT-1
- SN-IDS
- SN-IKEv2
- SN-KRB5
- SN-MQTT
- SN-NFS
- SN-OVERVIEW
- SN-RDP
- SN-RFB
- SN-SIP
- SN-SMB
- SN-SMTP
- SN-SNMP
- SN-SSH
- SN-STATS
- SN-TLS
- SN-VLAN
- SN-TFTP
- SN-TrafficID
How to use
==========
To import all the vizualizasitons and dahsboards to Kibana 7 using the native API - on the host runing Kibana 7 or ELK7: ::
cd API-KIBANA7
curl -X POST "localhost:5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form [email protected]
service kibana restart
To import all and overwrite - on the host runing Kibana 7 or ELK7: ::
cd API-KIBANA7
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form [email protected]
curl -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form [email protected]
service kibana restart
The rest of the folder structure set up is Scirius CE specific and not needed in the manual import.
You would need to select ``logstash-*`` as a default index once you open any dashboard for the first time after initial load/import.
A similar to this logstash template could be used - https://github.com/StamusNetworks/SELKS/blob/SELKS5/staging/etc/logstash/conf.d/logstash.conf
For optimal results an example of elasticsearch template has been included under ``es-template\elasticsearch7-template.json`` that is used in SELKS 6.