https://github.com/alphasoc/alphasocbeat
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/alphasoc/alphasocbeat
- Owner: alphasoc
- License: other
- Created: 2021-04-22T13:57:03.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2021-06-15T11:36:18.000Z (about 5 years ago)
- Last Synced: 2025-03-23T12:51:24.334Z (over 1 year ago)
- Language: Go
- Size: 678 KB
- Stars: 1
- Watchers: 5
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt
README
# alphasocbeat
Alphasocbeat is a Beat for the Elastic Stack. Its purpose is to download alerts generated by the AlphaSOC Analytics Engine and ship them to Elasticsearch.
It also provides Kibana dashboards that help with reviewing the alerts.
AlphaSOC Threat Hunter dashboard:

AlphaSOC Detailed View dashboard:

# Setup / Installation
## Binaries
The latest alphasocbeat release can be found [here](https://github.com/alphasoc/alphasocbeat/releases).
## Configuration
Configuration is stored in the `alphasocbeat.yml` file. The beat-specific configuration requires three values:
```
alphasocbeat:
  registry_file: checkpoint.yaml
  api_url: https://api.alphasoc.net
  api_key:
```
`registry_file` is used to store the `follow` value, which provides data continuation between beat restarts: only alerts newer than the last downloaded alert are fetched, so data is not duplicated.
`api_key` is the API key provided by AlphaSOC; it authorizes downloading alerts from the API.
## Index setup
To set up the Elasticsearch index provided by alphasocbeat, run the following command:
```
./alphasocbeat setup
```
## Running alphasocbeat
To start alphasocbeat, run the following command:
```
./alphasocbeat run
```
# Logs
Alphasocbeat logs are stored in the `./logs` directory.
# Dashboards
By default, the dashboards are installed when the beat runs. Setting `setup.dashboards.enabled: false` disables this.