This content introduces the integration of Elasticsearch and Kibana in the GEKO stack, supporting Detection as Code. Steps include starting these services, managing detection rules through GitLab, and visualizing data. The guide emphasizes automation, validation, and creating dashboards for security management, encapsulating a modern approach to security engineering.
Category Archives: Logging & Monitoring
Running an Elasticsearch cluster using Docker Compose (Linux).
In this blog I will be installing Elasticsearch on Linux using Docker Compose. Unlike the previous Docker blog, Docker Compose will streamline the setup process by defining and managing multi-container Docker applications, ensuring your Elasticsearch instance is up and running quickly and efficiently. I am using an Ubuntu 24.04 LTS Virtual Machine within VMware for
OpenCTI Threat Intelligence Platform (adding connectors and feeds)
This blog outlines the integration of two external-import connectors, MITRE ATT&CK and AbuseIPDB, into the OpenCTI platform to enhance Threat Intelligence data ingestion. It provides step-by-step instructions to configure these connectors using docker-compose.yml, including necessary adjustments for URLs and API keys to facilitate data import.
Arkime Network Analysis & Packet Capture tool (deploying a local demonstration instance)
Arkime is an open-source tool for network traffic capture and analysis, streamlining packet capture with detailed searches and integration with security tools. This blog guides you through installing Arkime on Ubuntu using Elasticsearch as the backend. It covers the setup and configuration steps, culminating in accessing the Arkime viewer for network insights.