Giters

Verdatabo / blackesk

BLACK ESK SIEM is a SIEM platform built with Elasticsearch, Syslog-Ng and Kibana

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Installation

  • Clone the repo and run the installer
sh install.sh <single-node|multi-node>
  • Go have some coffee !
  • Access Kibana Interface at https://hostnameOrIP:5601
  • Read the output of install script for credentials :)

Features

  • TLS Enabled Communication between syslog-ng , kibana and elasticsearch.
  • User Roles and Authentication for Kibana Access.
  • Alerting Enabled in Kibana.
  • Syslog-ng performs GEOIP Lookup.
  • Patterndb Parsers for common applications.
  • Windows Log Ready
  • Wazuh Integration Ready.

Future Enhancements

  • Implement Reusable blocks in syslog-ng
  • Implement configuration variables in syslog-ng
  • Automatically create syslog-ng user via API
  • Implement Letsencrypt for certficates
  • Add wazuh integration

Learn More

Watch my videos at https://www.youtube.com/playlist?list=PL5PZjrSldZ81vy_pQV-hFy5F7S4JnAVqN

Need Help ?

Open an issue in github.

Buy me Coffee

Buy Me A Coffee

Youtube Demo and Tutorial

Alt text

About

BLACK ESK SIEM is a SIEM platform built with Elasticsearch, Syslog-Ng and Kibana

Languages

Language:Shell 95.5%Language:Dockerfile 4.5%