Creating an Elasticsearch + Kibana SIEM
alainw68/ELK-SIEM
ELK-SIEM + Wazuh Deployment Guide

  • Creating an Elasticsearch + Kibana + Wazuh SIEM

These documents show how I set up my ELK-SIEM and Wazuh workstations. The process can take a while to complete, although some parts are just an import and you are done. The two installs live on two different devices that are similar in structure but very different in how you ingest data and install agents.


  • This setup was built on VMware ESXi 6.7.0U3b, and these machines run 24/7.
  • If you want to use that same process, this setup guide still applies as written.

I have tried to keep this process simple and straight to the point, so that you can follow along and re-create the same setup that I have built.

Resource References:


What is Elasticsearch? https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-intro.html

What is Kibana? https://www.elastic.co/guide/en/kibana/current/introduction.html

What is Wazuh? https://documentation.wazuh.com/4.0/index.html


Required Software

  • Hosting Server Software

  • Ubuntu Server 18.04 or 20.04 LTS (Option 3 on the download page): https://ubuntu.com/download/server

  • Which hypervisor you use is up to you; the process is still the same.

  • The hypervisor can run on either a Linux or a Windows base install.



The two items below are optional. You will need physical hardware to install them.
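Before following the install steps on a fresh Ubuntu VM, it is worth checking that the host actually matches what the guide requires. The script below is an added example and is not part of the alainw68/ELK-SIEM repository. It checks that /etc/os-release reports one of the two Ubuntu LTS releases the guide lists, that vm.max_map_count meets the 262144 minimum Elasticsearch enforces in production mode (a documented Elasticsearch requirement, not something this guide states), and warns if the default Elasticsearch, Kibana and Wazuh listener ports (9200, 5601, 1514, 1515, 55000; assumed defaults, not taken from this guide) are already in use.

```shell
#!/bin/sh
# Pre-flight check for a host that will run Elasticsearch + Kibana + Wazuh.
# Added example; not part of the ELK-SIEM repository. The minimum
# vm.max_map_count and the port list are assumptions based on the
# Elasticsearch and Wazuh defaults, not on this guide.

# Return 0 if the given /etc/os-release text describes Ubuntu 18.04 or 20.04
# (the two releases the guide lists), 1 for anything else.
is_supported_ubuntu() {
    os_release="$1"
    id=$(printf '%s\n' "$os_release" | sed -n 's/^ID=//p' | tr -d '"')
    version=$(printf '%s\n' "$os_release" | sed -n 's/^VERSION_ID=//p' | tr -d '"')
    [ "$id" = "ubuntu" ] || return 1
    case "$version" in
        18.04|20.04) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the value is an integer at least as large as Elasticsearch's
# production-mode minimum for vm.max_map_count (262144).
max_map_count_ok() {
    [ "$1" -ge 262144 ] 2>/dev/null
}

# Run the checks against the live host. Prints one line per check and
# returns non-zero if any hard requirement fails.
preflight() {
    status=0
    if [ -r /etc/os-release ]; then
        if is_supported_ubuntu "$(cat /etc/os-release)"; then
            echo "OK   OS is Ubuntu 18.04 or 20.04 LTS"
        else
            echo "FAIL OS is not Ubuntu 18.04 or 20.04 LTS"; status=1
        fi
    else
        echo "FAIL /etc/os-release not found"; status=1
    fi

    mmc=$(sysctl -n vm.max_map_count 2>/dev/null || echo 0)
    if max_map_count_ok "$mmc"; then
        echo "OK   vm.max_map_count=$mmc"
    else
        echo "FAIL vm.max_map_count=$mmc (Elasticsearch needs >= 262144)"; status=1
    fi

    # Assumed default listeners: Elasticsearch 9200, Kibana 5601,
    # Wazuh agent traffic 1514, Wazuh enrollment 1515, Wazuh API 55000.
    for port in 9200 5601 1514 1515 55000; do
        if ss -ltn 2>/dev/null | grep -q ":$port "; then
            echo "WARN tcp/$port is already in use on this host"
        fi
    done
    return "$status"
}
```

Save it as preflight.sh, then source it and call `preflight` on the target VM; a non-zero exit means the guide's base requirements are not met. The OS check is deliberately strict to the two versions listed, so a newer Ubuntu release is reported as unsupported rather than silently accepted.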


Installation Guide ELK-SIEM Setup

