Kibana

Goals: collect observables from supported feeds collect observables from unsupported feeds with elastic-tip Setup elasticsearch and kibana for filebeat We could use superuser elastic to setup filebeat but we are going to use a dedicated user with just the minimum permissions. Open Kibana and go to Stack Management > Security > Roles. Click Create role and enter the following settings: Role name: filebeat_threatintel_setup Cluster privileges: monitor, manage_ilm, manage_ml Index privileges: Indices: filebeat-* Privileges: manage, write, read Click Create role....

Goals: single node elasticsearch single node kibana password for all accounts https between all components behind traefik future post: collect network logs (routers) future post: collect application logs (web servers, dns servers, docker) future post: collect application metrics future post: correlate with threat intelligence Create compose file version: '3' services: es: image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3 container_name: elastic_es restart: always env_file: - ./.env environment: ES_JAVA_OPTS: "-Xms2g -Xmx2g" node.name: "es" discovery.type: "single-node" bootstrap.memory_lock: "true" # minimal security xpack....