Category: Suricata

Elasticstack (ELK), Suricata and pfSense Firewall – Part 4: Kibana Visualizations and Dashboards (Pretty Pictures)

Introduction In previous parts we have configured Elastic Stack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elastic Beats Filebeat log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elastic Stack instance. We have configured the Logstash pipeline to enhance and enrich the data from our Suricata IDPS to enable richer …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 3: Logstash Pipeline Additions – Suricata Alerts

Introduction In previous parts we have configured Elastic Stack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elastic Beats Filebeat log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elastic Stack instance. In this part of the series we will look in more depth at the Logstash service, its pipeline and …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 2: Elasticstack Installation and Config

Introduction This is the second article in a series documenting the implementation of reporting, using Elastic Stack, of log data from the Suricata IDPS running on the open source pfSense firewall. This part 2 article covers the installation of the Elastic Stack onto an Ubuntu Server and the configuration of Logstash and Kibana to consume …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 1: Elasticbeats and pfSense configuration

Introduction This is the first article in a series documenting the implementation of reporting, using Elastic Stack, of log data from the Suricata IDPS running on the open source pfSense firewall. It covers the installation and configuration of Elastic Filebeat on pfSense to ship logs to a remote Ubuntu server running the Elastic Stack. Installation …
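
As an added example (not code from this series or from the Elastic project), here is a minimal Logstash pipeline of the kind Part 1 and Part 3 describe: it receives the Suricata EVE JSON lines that Filebeat ships from pfSense, parses them, enriches alert events, and writes them to Elasticsearch. The Beats port 5044, the Elasticsearch URL, the index name, the severity labels and the decision to drop Suricata "stats" records are assumptions made for illustration; the EVE field names used (event_type, timestamp, src_ip, dest_ip, alert.signature, alert.severity) are Suricata's standard ones, and the GeoIP targets use ECS-style names so the filter behaves the same on Logstash 7 and 8.

```logstash
# Added example pipeline. Assumptions: Filebeat sends each raw EVE JSON line in
# the "message" field to port 5044; Elasticsearch listens on localhost:9200.
input {
  beats {
    port => 5044
  }
}

filter {
  # Each EVE record is one JSON object per line; parse it into top-level fields.
  # remove_field only runs when parsing succeeded, so a bad line keeps its raw
  # message and gets a _jsonparsefailure tag for later inspection.
  json {
    source => "message"
    remove_field => ["message"]
  }

  # Suricata's periodic "stats" records carry no alert value but a lot of
  # volume; dropping them keeps the index lean (assumption: not wanted in Kibana).
  if [event_type] == "stats" {
    drop { }
  }

  # Use Suricata's own timestamp (e.g. 2021-03-01T10:15:30.123456+0000) as
  # @timestamp instead of the time Logstash happened to receive the event.
  date {
    match => ["timestamp", "ISO8601", "yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ"]
  }

  if [event_type] == "alert" {
    mutate {
      add_tag => ["suricata_alert"]
    }

    # Suricata severity is numeric, 1 being the most severe. Add a text label
    # that reads better in dashboards (label names are an assumption).
    if [alert][severity] == 1 {
      mutate { add_field => { "[alert][severity_label]" => "high" } }
    } else if [alert][severity] == 2 {
      mutate { add_field => { "[alert][severity_label]" => "medium" } }
    } else {
      mutate { add_field => { "[alert][severity_label]" => "low" } }
    }

    # GeoIP enrichment only makes sense for public addresses; RFC 1918 ranges
    # have no location and would just produce _geoip_lookup_failure tags.
    if [src_ip] !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ {
      geoip {
        source => "src_ip"
        target => "[source][geo]"
      }
    }
    if [dest_ip] !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ {
      geoip {
        source => "dest_ip"
        target => "[destination][geo]"
      }
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "suricata-%{+YYYY.MM.dd}"
  }
}
```

Before wiring this into a live pipeline, check the config parses with `bin/logstash --config.test_and_exit -f <file>`; on an Elasticsearch with security enabled the output block will also need credentials or an API key, which are omitted here.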