Build a Complete Open Source SIEM Stack in Just Minutes

Build a Complete Open Source SIEM Stack in Just Minutes - SOCFortress Fast Track!

Рет қаралды 12,997

Taylor Walton

Күн бұрын

Пікірлер

@petarsimovic5628 2 ай бұрын

Really great automation, and also great support for #open-source community

@iowawizkid1 2 ай бұрын

Way to GO dlo! I've been away for over a year and my wazuh is waay out of date. Looking forward to this quick deployment!

@AliciaFernandez-zy2pn Ай бұрын

You're exceptional....You finally listened

@SelienK 2 ай бұрын

thank you very much. i really hope there will be a step-by-step guide to build siem stack cluster (index cluster, graylog cluster, ....)

@adilhashmi7608 2 ай бұрын

Hope you give more information about the siem solution like how to collect logs and how to write custom rules and all

@chadmarkley 2 ай бұрын

This is so WOW. Love it. But a question. Should I have been putting my docker stuff in the /opt directory all along!?

@tulank1112 7 күн бұрын

how to add wazuh agent??

@freeload101 2 ай бұрын

You beat met too it ! Can't wait to make it even more idiot proof in JAMBOREE :P THANK YOU SO MUCH!

@07markus 2 ай бұрын

why greylog and wazuh together?

@thienngo1560 2 ай бұрын

same question. :?

@marcioguedes2072 2 ай бұрын

They use graylog to make log normalization of wazuh fields, to interact with other threat intel sources and some other things.

@christopherpeterson6004 2 ай бұрын

Graylog supports an agentless log ingestion input such as SYSLOG and manages the opensearch indexes as part of a fully open source ELK stack, whereas Wazuh depends on the agent to be installed.

@ederaam 2 ай бұрын

What is the final and real video to installing Soc fortress. You have some videos..

@derekjohnson1592 2 ай бұрын

Really easy to install and get running but now I nave to get data into the system...? Where would we point to push logs to the system

@aniketsaha7273 Ай бұрын

how can i connect a docker graylog with non-docker wazuh indexer ?? anyone help please......

@flightlessninja 2 ай бұрын

I'm trying to deploy but after running docker compose all the containers start aside from graylog that reports it is unable to find mongodb. Can anyone point me in the right direction for this who have been able to deploy the stack. Many Thanks

@flashcrick7082 Ай бұрын

Same issues if you found any thing to fix it plz update me on it.

@miltiadiskandias7002 25 күн бұрын

So, I encountered the same problem. In my case the issue was mongo complaining for a CPU that does not support AVX. To verify do a docker ps, copy paste the mongo id and run "docker logs mongo_ID --follow". If it says the same message, then you have to verify that your CPU supports AVX, in my case it did so went to proxmox, used the correct CPU (host) and after restarting the whole process from scratch got rid of the mongodb problem.

@jumpieva 28 күн бұрын

at 5:34 This threw me off because the document shows the file as root_ca.pem but the script creates root-ca.pem. may want to correct that. Otherwise very helpful thank you!