Skip to content

betolj/KTS5

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
dashboards
dashboards
 
 
tools
tools
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
load.sh
load.sh
 
 

Repository files navigation

Kibana 5 Templates for Suricata

Templates/Dashboards for Kibana 5 to use with Suricata IDPS and the ELK stack

This repository provides 13 templates for the Kibana 5.x and Elasticsearch 5.x for use with Suricata IDS/IPS - Intrusion Detection and Prevention System.

These dashboards are for use with Suricata and ELK - Elasticsearch, Logstash, Kibana and comprise of more than 140 visualizations and 11 searches.

The dashboards are:

  • ALL
  • ALERTS
  • DNS
  • FILE Transactions
  • FLOW
  • HTTP
  • IDS
  • OVERVIEW
  • SMTP
  • SSH
  • TLS
  • VLAN
  • STATS

How to use

apt-get install git-core
git clone https://github.com/StamusNetworks/KTS5.git
cd KTS5

Load the dashboards:

./load.sh

You would need to select logstash-* as a default index once you open any dashboard for the first time after initial load/import.

NOTE: This may delete any custom dashboards you already have in place.

NOTE: In order to use the full HTTP logging dashboard template you need to set up Suricata as explained here - https://www.pevma.blogspot.se/2014/06/http-header-fields-extended-logging.html

NOTE: If the traffic you are inspecting contains vlans - in order to use the VLAN template, make sure you have enabled vlan tracking in suricata.yaml -

vlan:
use-for-tracking: true

NOTE: For best user experience use with 1680 x 1050 screen resolution!!

Do not hesitate to test,feedback and contribute !

About

Kibana 5 Templates for Suricata IDPS

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%