zogugl.blogg.se - Elk stack filebeats bro flow diagram

#Elk stack filebeats bro flow diagram Pc

The diagram below shows a rough guide to my home network.

A managed network switch which is capable of port mirroring.

And for it to run smoothly at least 8GB memory and a decent processor.

The server needs to have a minimum of 2 free network ports.

In my case, I have an HP Proliant M元50e running ESXI.

#Elk stack filebeats bro flow diagram Pc

A server/old PC capable of running Zeek and ELK.We will also look into deploying an endpoint agent on some devices to and feed those logs into ELK too. The plan for this solution is to tap our home network with Zeek and feed the logs into Elk, with Elk we can run queries across our data, build out some beautiful dashboards with Kibana, and even create some analytics to automate some detections. It’s used throughout the industry, especially in the network anomaly space, in fact, the UK cybersecurity company Darktrace uses Zeek as a key component of their product.

One way in which I used to describe Zeek to people is that it’s essentially an IDS but on steroids. In this series, I’m going to show you how you can utilise open source technology to build your own network monitoring solution good enough to be deployed in any enterprise environment! The two core technologies that we’re going to use are Zeek (formerly Bro) and ELK.įor those unaware, Zeek is an open-source network monitoring framework which creates alerts and events based from data collected by a network tap.