Category: Security

Elasticstack (ELK) and pfSense Firewall – IP Traffic Statistics with Netflow

Introduction: In Logstash v5.6 a Netflow module was introduced to provide the collection, normalisation and visualisation of network flow data. This article, which details the configuration of Elasticstack as a Netflow collector and pfSense as a Netflow exporter, follows on from the previously published articles. Only the previous Part 2 article, which deals with configuring Elasticstack …
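
As an added example (not the article's own configuration), this is the collector side of such a setup written as a plain Logstash pipeline rather than via the bundled module: a `udp` input with the `netflow` codec accepting Netflow v5 and v9, indexed into Elasticsearch. The listening port (2055), the Elasticsearch host and the index name are assumptions; substitute the values used in the article. On 5.6 the packaged module achieves the equivalent with `bin/logstash --modules netflow --setup -M "netflow.var.input.udp.port=2055"`.

```conf
# Added example: Logstash Netflow collector pipeline (assumed port/host/index values).
input {
  udp {
    port => 2055                 # assumed: the port pfSense is configured to export to
    codec => netflow {
      versions => [5, 9]         # accept Netflow v5 and v9 records
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]            # assumed: local Elasticsearch node
    index => "netflow-%{+YYYY.MM.dd}"      # assumed: daily index per day of flow data
  }
}
```

Netflow is unauthenticated UDP, so anything that can reach port 2055 can inject fabricated flow records into the index; restrict the collector port on the Elasticstack host to the pfSense source address (and keep it off any Internet-facing interface) before relying on the statistics it produces.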

Elasticstack (ELK) and pfSense Firewall – Monitoring system performance with Elastic Metricbeats

Introduction: This is an unexpected article that came about while reviewing the documentation for Elasticbeats (as used for the Elasticstack with pfSense and Suricata series). It covers implementing Metricbeat on pfSense. Metricbeat, another element of the Elasticbeats package, ships system performance and utilisation metrics to Elasticsearch for reporting and monitoring. …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 4: Kibana Visualizations and Dashboards (Pretty Pictures)

Introduction: In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeat log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. We have configured the Logstash pipeline to enhance and enrich the data from our Suricata IDPS to enable richer …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 3: Logstash Pipeline Additions – Suricata Alerts

Introduction: In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeat log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. In this part of the series we will look in more depth at the Logstash service, its pipeline and …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 2: Elasticstack Installation and Config

Introduction: This is the second article in a series documenting the implementation of Elastic Stack reporting on log data from the Suricata IDPS running on the open-source pfSense firewall. This Part 2 article covers the installation of the Elastic Stack onto an Ubuntu Server and the configuration of Logstash and Kibana to consume …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 1: Elasticbeats and pfSense configuration

Introduction: This is the first article in a series documenting the implementation of Elastic Stack reporting on log data from the Suricata IDPS running on the open-source pfSense firewall. It covers the installation and configuration of Elastic Filebeat on pfSense to ship logs to a remote Ubuntu server running the Elastic Stack. Installation …

Restricting Internet Explorer access to local drives and executables on Xenapp

In a XenApp Published Desktop environment there are typically many considerations regarding the restriction of functionality available to users via Windows Explorer. These are not always put in place if the system is used only to publish applications (as it is not expected that users will have …