Skip to content
/ suricata-filestash-elk-docker Public

A basic suricata-in-docker approach with ELK and Filebeat's suricata-module

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tobuh/suricata-filestash-elk-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
filebeat
filebeat
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Suricata ELK with Filebeat-suricata-module

This is a out-of-the-box approach of Suricata with ELK and Filebeat's suricata-module.

The advantage is: you get Dashboards directly with the Filebeat module.

How to use

  • Change your interface in docker-compose.xml
  • Start with docker-compose up -d
  • Navigate to http://your.ip.addr.ess:5601
  • Look for "Dashboards" and search for "suricata". You will get the Dashboards suitable for suricata.
  • Enjoy!

As this Docker image (https://github.com/jasonish/docker-suricata) is used, you can use some additional commands:

  • Update suricata rules: docker exec -it --user suricata suricata_suricata_1 suricata-update -f
  • Logrotate: docker exec suricata_suricata_1 sudo logrotate /etc/logrotate.d/suricata

Further information

Thanks

Special thanks to @jasonish for the Suricata Docker image!

About

A basic suricata-in-docker approach with ELK and Filebeat's suricata-module

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published