Skip to content

StamusNetworks/KTS5

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Kibana 5 Templates for Suricata

Templates/Dashboards for Kibana 5 to use with Suricata IDPS and the ELK stack

This repository provides 13 templates for the Kibana 5.x and Elasticsearch 5.x for use with Suricata IDS/IPS - Intrusion Detection and Prevention System.

These dashboards are for use with Suricata and ELK - Elasticsearch, Logstash, Kibana and comprise of more than 140 visualizations and 11 searches.

The dashboards are:

  • ALL
  • ALERTS
  • DNS
  • FILE Transactions
  • FLOW
  • HTTP
  • IDS
  • OVERVIEW
  • SMTP
  • SSH
  • TLS
  • VLAN
  • STATS

How to use

apt-get install git-core
git clone https://github.com/StamusNetworks/KTS5.git
cd KTS5

Load the dashboards:

./load.sh

If this is a clean elasticsearch 5.x installation (aka not an upgrade from 2.x to 5.x) you need to:

find /path/to/KTS5/dashboards/ -type f -exec sed -i -e 's/.raw/.keyword/g' {} ;

You would need to select logstash-* as a default index once you open any dashboard for the first time after initial load/import.

For optimal results an example of elasticsearch template has been included under es-templateelasticsearch5-template.json that is used in SELKS 4.

NOTE: This may delete any custom dashboards you already have in place.

NOTE: In order to use the full HTTP logging dashboard template you need to set up Suricata as explained here - http://www.pevma.blogspot.se/2014/06/http-header-fields-extended-logging.html

NOTE: If the traffic you are inspecting contains vlans - in order to use the VLAN template, make sure you have enabled vlan tracking in suricata.yaml -

vlan:
use-for-tracking: true

NOTE: For best user experience use with 1680 x 1050 screen resolution!!

Do not hesitate to test,feedback and contribute !

About

Kibana 5 Templates for Suricata IDPS

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published