DShield SIEM Docker Updates – SANS Internet Storm Center


Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor logs from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow logs back to a local network ELK stack via home router NATting. This is a list of updates and enhancements:

– Upgraded to the current version of Elastic, 8.17.2 [9]

– A single script (change_perms.sh) that applies the base configuration to all the Docker files

– Added a Docker Filebeat for cloud DShield sensor collection (Cowrie, Zeek and NetFlow logs)

– A second Filebeat to ingest ISC and Rosti threat intel IP data [3]

– Separated the DShield SIEM [1] and DShield sensor [2] scripts into their own GitHub repositories

– Added a Docker Metricbeat for ELK Stack metric information

– Updated dashboard that includes Zeek in the tab list

– A query entered in one dashboard is linked to the others

– Tested the ELK Stack in a Proxmox LXC container [4]

– Added ELK Stack monitoring of all the Beats and Logstash

– Configured Logstash to parse logs with the Beats pipelines (Zeek and NetFlow)

– Removed and merged multiple installation steps to simplify the installation (change_perms.sh)

– Updated some sections of the Troubleshooting document [5]

– Updated some sections of the Docker useful commands [6]

– Updated the DShield SIEM network flow diagram [7]

– Docker update steps to the current version [8]
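As an added illustration of the cloud-sensor-to-SIEM path described above (this is example configuration written for this page, not a file from the DShield SIEM or DShield sensor repositories), here is a minimal filebeat.yml for a cloud sensor that enables the Filebeat zeek and netflow modules and ships the events to Logstash through the home router's forwarded port. The hostname, port, Zeek log paths, NetFlow listener settings and certificate path are placeholders, not values from the project.

```yaml
# Added example filebeat.yml for a cloud DShield sensor (not DShield-SIEM project code).
# Every value tagged PLACEHOLDER is an assumption; substitute your own environment's values.

filebeat.modules:
  # Zeek: read the current-day logs that Zeek writes on the sensor host.
  - module: zeek
    connection:
      enabled: true
      var.paths: ["/opt/zeek/logs/current/conn.log"]   # PLACEHOLDER path
    dns:
      enabled: true
      var.paths: ["/opt/zeek/logs/current/dns.log"]    # PLACEHOLDER path
    http:
      enabled: true
      var.paths: ["/opt/zeek/logs/current/http.log"]   # PLACEHOLDER path
    ssl:
      enabled: true
      var.paths: ["/opt/zeek/logs/current/ssl.log"]    # PLACEHOLDER path

  # NetFlow/IPFIX: Filebeat itself listens for flow records exported on the sensor host.
  - module: netflow
    log:
      enabled: true
      var:
        netflow_host: 127.0.0.1   # PLACEHOLDER: only accept flows exported locally on the sensor
        netflow_port: 2055        # PLACEHOLDER port

# Ship to the home network's Logstash via the router's public address.
# The router forwards (NATs) this port to the internal Logstash host.
output.logstash:
  hosts: ["siem.example.net:5044"]   # PLACEHOLDER: public DNS name or IP of the home router
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]   # PLACEHOLDER: CA that signed Logstash's cert
```

Two points follow from routing module data through Logstash rather than straight into Elasticsearch. First, the zeek and netflow modules do their parsing in Elasticsearch ingest pipelines, so those pipelines have to be loaded once from a Filebeat that can reach Elasticsearch (`filebeat setup --pipelines --modules zeek,netflow`), and the Logstash elasticsearch output has to pass the pipeline name through, for example `pipeline => "%{[@metadata][pipeline]}"`; without that the events are indexed unparsed. Second, because the forwarded port is exposed on the Internet, keep TLS on the Beats input and restrict the router's forwarding rule to the cloud sensor's source address so the only thing that can reach Logstash is the sensor.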

DShield SIEM Main Dashboard

[1] https://github.com/bruneaug/DShield-SIEM/tree/main

[2] https://github.com/bruneaug/DShield-Sensor

[3] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/ISC_threatintel.md

[4] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/LXC_Container_DShield-SIEM.md

[5] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Troubleshooting_SIEM_and_Sensor.md

[6] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md

[7] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield-SIEM-Flow.png

[8] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md#update-dshield-elk-to-the-latest-version

[9] https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-8.17.2.html

———–

Guy Bruneau IPSS Inc.

My GitHub Page

Twitter: GuyBruneau

gbruneau at isc dot sans dot edu


