Elastic-SIEM is a docker compose template to experiment with Elastic Security features such as SIEM and Elastic Endpoint Security.
Official Overview
Bringing up the stack: sudo docker-compose up
As soon as the containers are ready, navigate to http://localhost:5601 and log in with the following credentials:
elastic : password
These are lab defaults: anyone who can reach the Kibana or Elasticsearch ports with them can read everything the Beats ship and edit detection rules, so keep the stack bound to localhost or change the password before exposing it.
Cleanup: sudo docker-compose down
"Beats is a free and open platform for single-purpose data shippers. They send data from hundreds or thousands of machines and systems to Logstash or Elasticsearch."
Here are two setup walkthroughs, one for Filebeat and one for Auditbeat.
"Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing."
TL;DR (short version)
- Download client (depending on the OS)
- Enable modules
sudo ./filebeat modules enable auditd system
- Set up assets (the chown steps matter: `sudo ./filebeat` runs as root, and a Beat refuses a configuration file that is writable by anyone but its owner or owned by someone other than root or the running user)
  sudo chown root filebeat.yml
  sudo chown -R root modules.d/
  sudo chown -R root modules/
  sudo ./filebeat setup -e
- Start Filebeat
sudo ./filebeat -e
- Info: check the host, username and password under output.elasticsearch in filebeat.yml (and the Kibana address under setup.kibana, which `setup` uses) before running these steps; for this stack the user is elastic and the password is password.
"Auditbeat is a lightweight shipper that you can install on your servers to audit the activities of users and processes on your systems."
TL;DR (short version)
- Download client (depending on the OS)
- Set up assets (as with Filebeat, the file must belong to root because `sudo ./auditbeat` runs as root and a Beat rejects a config file owned by another user or writable by anyone but its owner)
  sudo chown root auditbeat.yml
  sudo ./auditbeat setup -e
- Start Auditbeat
sudo ./auditbeat -e
- Info: check the host, username and password under output.elasticsearch in auditbeat.yml (and the Kibana address under setup.kibana) before running these steps; for this stack the user is elastic and the password is password.
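The following is an added example and not code from the Elastic-SIEM project. It puts the two TL;DR procedures above (Filebeat and Auditbeat) into one POSIX shell script: `render_beat_output` prints the connection settings the Info items refer to, `check_config_perms` reproduces the ownership and permission check that is the reason for the `chown root` steps, and `run_beat` runs the README's sequence for either Beat. It assumes that the compose stack exposes Elasticsearch on localhost:9200 without TLS and that the script is run as root inside the extracted Beat directory; the Kibana address and the elastic/password credentials are the ones given on this page.

```shell
#!/bin/sh
# Added example for this README; not code from the Elastic-SIEM project.
# Assumptions not stated on the page: the compose stack exposes Elasticsearch on
# localhost:9200 without TLS, and the Beat tarball has been extracted into the
# current directory.  Kibana on localhost:5601 and elastic/password are from
# the README.
ES_HOST="${ES_HOST:-localhost:9200}"
KIBANA_HOST="${KIBANA_HOST:-localhost:5601}"
ES_USER="${ES_USER:-elastic}"
ES_PASS="${ES_PASS:-password}"

# The connection settings the README tells you to check in the Beat's .yml:
# output.elasticsearch is where events are shipped, setup.kibana is where
# `<beat> setup` loads the index template and dashboards.  Merge this into
# filebeat.yml / auditbeat.yml in place of the default output block.
render_beat_output() {
  cat <<EOF
output.elasticsearch:
  hosts: ["http://${ES_HOST}"]
  username: "${ES_USER}"
  password: "${ES_PASS}"
setup.kibana:
  host: "http://${KIBANA_HOST}"
EOF
}

# Why the README chowns the config to root: a Beat refuses to load a config
# file that is writable by a user other than its owner, or owned by someone
# other than root or the user running it.  This reproduces that check so the
# failure is caught before `setup` rather than during it.  $1 = config path.
check_config_perms() {
  f="$1"
  [ -f "$f" ] || return 1
  # ls -ln prints "-rw-r--r-- 1 <uid> <gid> ..." on every POSIX system
  perms=$(ls -lnd "$f" | cut -c1-10)
  owner=$(ls -lnd "$f" | awk '{print $3}')
  case "$perms" in
    ?????w*|????????w*) return 1 ;;   # group- or world-writable
  esac
  [ "$owner" = 0 ] || [ "$owner" = "$(id -u)" ]
}

# The README's sequence for one Beat, with the check in front of setup.
# Run as root inside the extracted Beat directory (the README uses sudo).
# $1 = beat name (filebeat or auditbeat); remaining args = Filebeat modules
# to enable, e.g. "auditd system" (Auditbeat takes none).
run_beat() {
  beat="$1"; shift
  cfg="$beat.yml"
  chown root "$cfg"
  for d in modules.d modules; do
    [ -d "$d" ] && chown -R root "$d"
  done
  check_config_perms "$cfg" || { echo "$cfg: fix ownership/permissions first" >&2; return 1; }
  if [ "$#" -gt 0 ]; then ./"$beat" modules enable "$@" || return 1; fi
  ./"$beat" setup -e && exec ./"$beat" -e
}
```

Usage, assuming the script is saved as beats-lab.sh (a name chosen here, not from the project): merge the output of `render_beat_output` into the Beat's .yml, then from the Filebeat directory run `sudo sh -c '. ./beats-lab.sh && run_beat filebeat auditd system'`, or `run_beat auditbeat` from the Auditbeat directory. Beats can be told to skip the ownership check with `--strict.perms=false`; that is tolerable for a throwaway lab but not on a real host, because a config file writable by another user lets that user redirect where the logs are shipped.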
"Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host."
"Fleet provides a web-based UI in Kibana to add and manage integrations for popular services and platforms, as well as manage a fleet of Elastic Agents."
Overview of the endpoint security feature
Install Elastic Endpoint integration
Download Elastic Agent
Install Elastic Agent and enroll in Fleet
This project is licensed under the MIT License - see the LICENSE file for details