Search here...
Subscribe
Cybersecurity

DShield SIEM Docker Updates – SANS Internet Storm Center

By: jfsjg

Date:

Share post:

Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor log from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow logs back to a local network ELK stack via home router natting. This is a list of updates and enhancements:

– Upgrade to the current version of Elastic 8.17.2

– A single script to configure the base configuration of all the docker files (change_perms.sh)

– Addition of docker filebeat for cloud DShield sensor collection (Cowrie, Zeek & NetFlow logs)

– Second filebeat to ingest ISC & Rosti Threat Intel IP data [3]

– Separation of GitHub DShield SIEM & DShield sensor scripts

– Addition to docker Metricbeat for ELK Stack metric information

– Updated dashboard that includes Zeek in the tab lists

– Query in one dashboard is linked to the others

– Tested the ELK Stack in a LXC Proxmox container [4]

– The addition of ELK Stack monitoring of all the Beats and Logstash

– Configured Logstash to parse logs with Beats pipelines (Zeek & NetFlow)

– Removed and merged multiple steps to simplify the installation (change_perms.sh)

– Updated some sections of the Troubleshooting document [5]

– Updated some sections of the docker useful commands [6]

– Updated the DShield SIEM network flow [7]

– Docker update steps to current version [8]

DShield SIEM Main Dashboard

[1] https://github.com/bruneaug/DShield-SIEM/tree/main

[2] https://github.com/bruneaug/DShield-Sensor

[3] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/ISC_threatintel.md

[4] https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/LXC_Container_DShield-SIEM.md

[5] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Troubleshooting_SIEM_and_Sensor.md

[6] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md

[7] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield-SIEM-Flow.png

[8] https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md#update-dshield-elk-to-the-latest-version

[9] https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-8.17.2.html

———–

Guy Bruneau IPSS Inc.

My GitHub Page

Twitter: GuyBruneau

gbruneau at isc dot sans dot edu



Source link

Previous article
Anti-Lag 2 removed from Spider-Man 2 PC port due to game crashes on Radeon GPUs
Next article
Sorry Okamiden Fans, It Sounds Like The Okami Sequel Will Basically Ignore The DS Follow-Up
jfsjg
jfsjghttps://nixusy.com
spot_img

Related articles

Cybersecurity

LoD – Darknet Diaries

Full Transcript The Legion of Doom (LoD) wasn’t just a “hacker group”, it captured the...
Hardware Releases

Edifier’s Funky Portable ES300 Wireless Speaker

60W RMS From A 4″ Bass Driver And Dual 1.25″ Silk Dome Tweeters Portable speakers are a confusing product,...
Industry Events & Conferences

Corporate Event Registration Software: SSO, Approvals, Budget Controls

If you run events for a large organization, registration is no longer just a form on a landing...
Software Updates & Reviews

Future of AI in Car Wash App Development

The evolution of car wash apps has expanded beyond simplistic bookings and payments. Today, car wash app users...

Follow us

Stay informed with NIXusy, your go-to news portal for the latest updates in Business & Economy, Cars, Food, Music, Science, and current events.

Company

Contact Us

(844) 377-7292
support@nixusy.com
929 Malibu Dr, Garland, TX, 75043

Popular news

LoD – Darknet Diaries

Cybersecurity
Full Transcript The Legion of Doom...

Edifier’s Funky Portable ES300 Wireless Speaker

Hardware Releases
60W RMS From A 4″ Bass Driver And Dual...

Corporate Event Registration Software: SSO, Approvals, Budget Controls

Industry Events & Conferences
If you run events for a large organization, registration...

© 2025 nixusy.com. All Rights Reserved.