Search here...
Subscribe
Cybersecurity

DShield SIEM Docker Updates – SANS Internet Storm Center

By: jfsjg

Date:

Share post:

Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor log from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow logs back to a local network ELK stack via home router natting. This is a list of updates and enhancements:

– Upgrade to the current version of Elastic 8.17.2

– A single script to configure the base configuration of all the docker files (change_perms.sh)

– Addition of docker filebeat for cloud DShield sensor collection (Cowrie, Zeek & NetFlow logs)

– Second filebeat to ingest ISC & Rosti Threat Intel IP data [3]

– Separation of GitHub DShield SIEM & DShield sensor scripts

– Addition to docker Metricbeat for ELK Stack metric information

– Updated dashboard that includes Zeek in the tab lists

– Query in one dashboard is linked to the others

– Tested the ELK Stack in a LXC Proxmox container [4]

– The addition of ELK Stack monitoring of all the Beats and Logstash

– Configured Logstash to parse logs with Beats pipelines (Zeek & NetFlow)

– Removed and merged multiple steps to simplify the installation (change_perms.sh)

– Updated some sections of the Troubleshooting document [5]

– Updated some sections of the docker useful commands [6]

– Updated the DShield SIEM network flow [7]

– Docker update steps to current version [8]

DShield SIEM Main Dashboard

[1] https://github.com/bruneaug/DShield-SIEM/tree/main

[2] https://github.com/bruneaug/DShield-Sensor

[3] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/ISC_threatintel.md

[4] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/LXC_Container_DShield-SIEM.md

[5] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Troubleshooting_SIEM_and_Sensor.md

[6] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md

[7] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield-SIEM-Flow.png

[8] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md#update-dshield-elk-to-the-latest-version

[9] https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-8.17.2.html

———–

Guy Bruneau IPSS Inc.

My GitHub Page

Twitter: GuyBruneau

gbruneau at isc dot sans dot edu



Source link

Previous article
Anti-Lag 2 removed from Spider-Man 2 PC port due to game crashes on Radeon GPUs
Next article
Sorry Okamiden Fans, It Sounds Like The Okami Sequel Will Basically Ignore The DS Follow-Up
jfsjg
jfsjghttps://nixusy.com
spot_img

Related articles

Cybersecurity

Threat Intelligence Executive Report – Volume 2025, Number 4 – Sophos News

The Counter Threat Unitâ„¢ (CTU) research team analyzes security threats to help organizations protect their systems. Based on...
Hardware Releases

Trading Computers: Building the Best

When it comes to building the best trading computers, performance isn’t just a luxury—it’s a necessity. In the...
Software Updates & Reviews

Java Concurrency and Multithreading: A Practical Guide

Imagine: your online store is launching a massive...
Tech Trends & Innovations

Anduril, Blue Origin to study how to transport cargo from orbit to Earth for the Pentagon

Blue Origin and Anduril have landed new study contracts with the U.S. Air Force to explore how their...

Follow us

Stay informed with NIXusy, your go-to news portal for the latest updates in Business & Economy, Cars, Food, Music, Science, and current events.

Company

Contact Us

(844) 377-7292
support@nixusy.com
929 Malibu Dr, Garland, TX, 75043

Popular news

© 2025 nixusy.com. All Rights Reserved.