Integration between Suricata and ELK stack

Starter · January 31, 2021, 7:30am

Like I saw in that project
GitHub - telekom-security/tpotce: 🍯 T-Pot - The All In One Honeypot Platform 🐝 an integration between Suricata and ELK stack.

How does ELK stack got the information from Suricata to show such a wonderful view?

Does it take the information from Suricata log? Or access to Suricata DB directly(Suricata using Elastic Search as a DB ,right?)

ish · February 1, 2021, 4:28pm

Getting an ELK stack up and running can be complicated, especially if not already familiar with the stack. But the basic components are:

Elasticsearch running on some server.
Kibana running, usually on the same server as Elasticsearch, connected to Elasticsearch.
Logstash or Filebeat running on your Suricata sensor forwarding the logs to Elasticsearch.

But then generally you are left on your own to build up nice Dashboards in Kibana, as I’m not aware of a simple way to share pre-built ones. Or you could also try out something like SELKS (Stamus Networks | SELKS) which does all of the above for you with some nice Dashboards.

Topic		Replies	Views
Suricata and ELK stack Help	2	735	November 2, 2021
Contact suricata and siem use cases Help community	0	492	May 17, 2021
Suricata Logs from multiple interfaces Help	6	571	February 24, 2021
Suricata with BPF to prevent loopbacks Help	0	422	December 2, 2021
Architecture and Data aggregation Help	0	427	May 19, 2020

Integration between Suricata and ELK stack

Related Topics