Search here...
Subscribe
Cybersecurity

DShield SIEM Docker Updates – SANS Internet Storm Center

By: jfsjg

Date:

Share post:

Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor log from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow logs back to a local network ELK stack via home router natting. This is a list of updates and enhancements:

– Upgrade to the current version of Elastic 8.17.2

– A single script to configure the base configuration of all the docker files (change_perms.sh)

– Addition of docker filebeat for cloud DShield sensor collection (Cowrie, Zeek & NetFlow logs)

– Second filebeat to ingest ISC & Rosti Threat Intel IP data [3]

– Separation of GitHub DShield SIEM & DShield sensor scripts

– Addition to docker Metricbeat for ELK Stack metric information

– Updated dashboard that includes Zeek in the tab lists

– Query in one dashboard is linked to the others

– Tested the ELK Stack in a LXC Proxmox container [4]

– The addition of ELK Stack monitoring of all the Beats and Logstash

– Configured Logstash to parse logs with Beats pipelines (Zeek & NetFlow)

– Removed and merged multiple steps to simplify the installation (change_perms.sh)

– Updated some sections of the Troubleshooting document [5]

– Updated some sections of the docker useful commands [6]

– Updated the DShield SIEM network flow [7]

– Docker update steps to current version [8]

DShield SIEM Main Dashboard

[1] https://github.com/bruneaug/DShield-SIEM/tree/main

[2] https://github.com/bruneaug/DShield-Sensor

[3] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/ISC_threatintel.md

[4] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/LXC_Container_DShield-SIEM.md

[5] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Troubleshooting_SIEM_and_Sensor.md

[6] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md

[7] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield-SIEM-Flow.png

[8] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md#update-dshield-elk-to-the-latest-version

[9] https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-8.17.2.html

———–

Guy Bruneau IPSS Inc.

My GitHub Page

Twitter: GuyBruneau

gbruneau at isc dot sans dot edu



Source link

Previous article
Anti-Lag 2 removed from Spider-Man 2 PC port due to game crashes on Radeon GPUs
Next article
Sorry Okamiden Fans, It Sounds Like The Okami Sequel Will Basically Ignore The DS Follow-Up
jfsjg
jfsjghttps://nixusy.com
spot_img

Related articles

Cybersecurity

September Patch Tuesday handles 81 CVEs – Sophos News

.Microsoft on Tuesday announced 81 patches affecting 15 product families. Nine of the addressed issues are considered by...
Hardware Releases

Follow This Advice Before Switching to a New iPhone 17

Are you considering getting one of the new iPhone 17 models? While it’s always tempting to unbox a...
Tech Trends & Innovations

Just Look How Bloody Gross Universal’s ‘Terrifier’ Haunted House Is

Damien Leone, the writer and director of the Terrifier film...
Gaming & Graphics

Turtle Beach Unveils New Range Of Officially Licensed Switch 2 Accessories – Controllers, Cases And More

If you're still on the hunt for certain Switch 2 accessories and are looking for alternatives to Nintendo's...

Follow us

Stay informed with NIXusy, your go-to news portal for the latest updates in Business & Economy, Cars, Food, Music, Science, and current events.

Company

Contact Us

(844) 377-7292
support@nixusy.com
929 Malibu Dr, Garland, TX, 75043

Popular news

© 2025 nixusy.com. All Rights Reserved.