Skip to content

Latest commit

 

History

History
79 lines (50 loc) · 3.18 KB

README.md

File metadata and controls

79 lines (50 loc) · 3.18 KB

DMARC Visualizer

Visualize DMARC results using open-source tools.

See the full blog post with the original instructions at Debricked.

Updates from original repository

  • parsedmarc

    • Running from python 3.11
    • Built in the geoip functions with cron running updates.
    • Runs in verbose mode by default.
    • Delayed start by waiting for Elasticsearch to report service healthy.
  • Grafana

    • Updated to recent release version - 10.1.5 (Upgrades to 10.2.x are causing errors that are yet to be resolved).
    • Uses a docker volume for data persistence.
    • Delayed start by waiting for Elasticsearch to report service healthy.
    • grafana-piechart-panel plugin is deprecated so has been removed and panel converted to the new builtin Piechart.
    • grafana-worldmap-panel plugin is deprecated so has been removed and panel converted to the new builtin Geomap.
  • Elasticsearch

    • Updated to current release version - 8.11.0.
    • Uses a docker volume for data persistence.
    • Runs health check to report service healthy, forcing other containers to wait until initialised.
  • Other

    • Containers are networked with manual IP addressing.

Instructions

git clone https://github.com/LukeCallaghan/dmarc-visualizer.git
cd dmarc-visualizer
docker-compose build
docker-compose up -d

The containers will start and can take a while to get running.

Visit http://localhost:3000/ in your browser. Default username and password is admin. This can be edited and will persist.

Configuration

Configuration options are available for each of the services.

parsedmarc

parsedmarc can be configured in the parsedmarc.ini file. There are common options included in the file already.

For a full list of options and information about their use, please visit the config section of the parsedmarc documentation

Geo IP

To enable Geo IP you will need to complete the requirements outlined in the geoipupdate section of the parsedmarc documentation

Once you have your license key file, you can update the GeoIP.conf file with your license details and remove the comments so the geoip functionality will work.

Elasticseach

If you are getting errors in your dashboard regarding memory issues, then you need to increase the memory available to the Elasticsearch instance. In the docker-compose file, you can change the line below to increase the memory:

- "ES_JAVA_OPTS=-Xms512m -Xms512m"

For example, to use 1Gb of memory you would use:

- "ES_JAVA_OPTS=-Xms1024m -Xms1024m"

Grafana

Customisation of the Grafana interface is done by following the guide from Volkov Labs

Screenshot

Screenshot of Grafana dashboard