Kali
tsharkVM, this project builds virtual machine which can be used for analytics of tshark -T ek (ndjson) output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps (tshark -T ek output / ndjson) are sent over TCP/17570 to the …
Continue reading “TsharkVM : Tshark + ELK Analytics Virtual Machine”
tsharkVM, this project builds virtual machine which can be used for analytics of tshark -T ek (ndjson) output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps (tshark -T ek output / ndjson) are sent over TCP/17570 to the …
Continue reading “TSharkVM : TShark + ELK Analytics Virtual Machine”
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. It provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and produces risk-adjusted alarms. Features Runs in standalone or clustered mode with NATS as messaging bus …
Continue reading “Dsiem : Security Event Correlation Engine For ELK Stack”
