HELK/docker/helk-kibana-notebook-analys...

257 lines
6.6 KiB
YAML
Raw Normal View History

v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
version: '3.5'
services:
helk-elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
container_name: helk-elasticsearch
logging:
driver: "json-file"
options:
max-file: "9"
max-size: "6m"
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
secrets:
- source: elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
volumes:
- esdata:/usr/share/elasticsearch/data
- ./helk-elasticsearch/scripts:/usr/share/elasticsearch/scripts
- ./helk-elasticsearch/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
HELK v0.1.3-alpha08032018 All + Moved all to docker folder. Getting ready to start sharing other ways to deploy helk (terraform & Packer maybe) Compose-files + Basic & Trial Elastic Subscriptions available now and can be automatically managed via the helk_install script ELK Version : 6.3.2 Elasticsearch + Set 4GB for ES_JAVA_OPTS by default allowing the modification of it via docker-compose and calculating half of the host memory if it is not set + Added Entrypoint script and using docker-entrypoint to start ES Logstash + Big Pipeline Update by Nate Guagenti (@neu5ron) ++better cli & file name searching ++”dst_ip_public:true” filter out all rfc1918/non-routable ++Geo ASName ++Identification of 16+ windows IP fields ++Arrayed IPs support ++IPv6&IPv4 differentiation ++removing “-“ values and MORE!!! ++ THANK YOU SO MUCH NATE!!! ++ PR: https://github.com/Cyb3rWard0g/HELK/pull/93 + Added entrypoint script to push new output_templates straight to Elasticsearch per Nate's recommendation + Starting Logstash now with docker-entrypoint + "event_data" is now taken out of winlogbeat logs to allow integration with nxlog (sauce added by Nate Guagenti (@neu5ron) Kibana + Kibana yml file updated to allow a longer time for timeout Nginx: + it handles communications to Kibana and Jupyterhub via port 443 SSL + certificate and key get created at build time + Nate added several settings to improve the way how nginx operates Jupyterhub + Multiple users and mulitple notebooks open at the same time are possible now + Jupytehub now has 3 users hunter1,hunter2.hunter3 and password patterh is <user>P@ssw0rd! + Every notebook created is also JupyterLab + Updated ES-Hadoop 6.3.2 Kafka Update + 1.1.1 Update Spark Master + Brokers + reduce memory for brokers by default to 512m Resources: + Added new images for Wiki
2018-08-03 18:13:25 +00:00
entrypoint: /usr/share/elasticsearch/scripts/elasticsearch-entrypoint.sh
environment:
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
- cluster.name=helk-cluster
- node.name=helk-1
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
- xpack.license.self_generated.type=basic
- xpack.security.enabled=false
ulimits:
memlock:
soft: -1
hard: -1
nproc: 20480
nofile:
soft: 160000
hard: 160000
restart: always
networks:
helk:
helk-logstash:
build: helk-logstash/
container_name: helk-logstash
logging:
driver: "json-file"
options:
max-file: "9"
max-size: "6m"
volumes:
- ./helk-logstash/pipeline:/usr/share/logstash/pipeline
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts
HELK v0.1.3-alpha08032018 All + Moved all to docker folder. Getting ready to start sharing other ways to deploy helk (terraform & Packer maybe) Compose-files + Basic & Trial Elastic Subscriptions available now and can be automatically managed via the helk_install script ELK Version : 6.3.2 Elasticsearch + Set 4GB for ES_JAVA_OPTS by default allowing the modification of it via docker-compose and calculating half of the host memory if it is not set + Added Entrypoint script and using docker-entrypoint to start ES Logstash + Big Pipeline Update by Nate Guagenti (@neu5ron) ++better cli & file name searching ++”dst_ip_public:true” filter out all rfc1918/non-routable ++Geo ASName ++Identification of 16+ windows IP fields ++Arrayed IPs support ++IPv6&IPv4 differentiation ++removing “-“ values and MORE!!! ++ THANK YOU SO MUCH NATE!!! ++ PR: https://github.com/Cyb3rWard0g/HELK/pull/93 + Added entrypoint script to push new output_templates straight to Elasticsearch per Nate's recommendation + Starting Logstash now with docker-entrypoint + "event_data" is now taken out of winlogbeat logs to allow integration with nxlog (sauce added by Nate Guagenti (@neu5ron) Kibana + Kibana yml file updated to allow a longer time for timeout Nginx: + it handles communications to Kibana and Jupyterhub via port 443 SSL + certificate and key get created at build time + Nate added several settings to improve the way how nginx operates Jupyterhub + Multiple users and mulitple notebooks open at the same time are possible now + Jupytehub now has 3 users hunter1,hunter2.hunter3 and password patterh is <user>P@ssw0rd! + Every notebook created is also JupyterLab + Updated ES-Hadoop 6.3.2 Kafka Update + 1.1.1 Update Spark Master + Brokers + reduce memory for brokers by default to 512m Resources: + Added new images for Wiki
2018-08-03 18:13:25 +00:00
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
environment:
- "HELK_LOGSTASH_JAVA_OPTS=-XX:-UseConcMarkSweepGC -XX:-UseCMSInitiatingOccupancyOnly -XX:+UseG1GC"
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
ports:
- "5044:5044"
- "8531:8531"
2020-01-03 17:19:57 +00:00
- "3515:3515"
restart: always
depends_on:
- helk-kibana
networks:
helk:
helk-kibana:
image: docker.elastic.co/kibana/kibana:7.5.1
container_name: helk-kibana
logging:
driver: "json-file"
options:
max-file: "9"
max-size: "6m"
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
secrets:
- source: kibana.yml
target: /usr/share/kibana/config/kibana.yml
volumes:
- ./helk-kibana/objects:/usr/share/kibana/objects
- ./helk-kibana/scripts:/usr/share/kibana/scripts
2019-05-21 04:51:24 +00:00
- ./helk-kibana/custom:/usr/share/kibana/custom
entrypoint: /usr/share/kibana/scripts/kibana-entrypoint.sh
restart: always
depends_on:
- helk-elasticsearch
networks:
helk:
helk-nginx:
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
image: cyb3rward0g/helk-nginx:0.0.7
container_name: helk-nginx
logging:
driver: "json-file"
options:
max-file: "9"
max-size: "6m"
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
secrets:
- source: htpasswd.users
target: /etc/nginx/htpasswd.users
HELK-07122018 License: GPL-3.0 Update ++ Updated all the local documents ++ Docker images in Dockerhub in progreess Docker-Compose ++ Created two options: basic and trial ELK Stack Docker Files ++ Created Trial Folders to make sure the configurations are set properly for when the user selects trial version of HELK. ++++ HELK trial = x-pack + trial license + security enabled ++ Deprecating the HELKs Platinum's Branch. Merging that branch with the HELKs master to allow user to select the type of license during the install process. Jupyter ++ Getting ready for Jupyterhub ++ Created two folders: basic and trial to allow elasticsearch interaciton with username and password hardcoded in the spark session. trial license requires any interaction with elasticsearch to be authenticated. Kibana ++ Added trial folder with scripts that set up security configs for the trial version of HELK. It creates users and roles to test the security features of x-pack Logstash ++ Created trial folder with another pipeline folder in it. The pipeline in trial has output configs with elasticsearch's username and password hardcoded. Ready for when the user sets the build with trial license and wants to send logs to elasticsearch. The logstash configs are the same as the ones from the defailt pipeline. They only have username and password configs on all the output configs. Nginx ++ set trial folder with the right config to allow Kibana handle the authentication process when user builds and installs HELK with a trial license. No need for nginx to handle the authentication. helk_install bash script ++ Updated script to handle license choice : basic or trial ++ basic license is selected by default. If user selects trial, it runs the specific docker-compose file needed to build and install HELK with the right trial configs. ++ Updated also the CLI options. User now will have to specify the license for HELK. Example: sudo ./helk_install.sh -i 192.168.64.131 -l basic
2018-07-12 04:29:09 +00:00
volumes:
2019-05-29 23:43:36 +00:00
- ./helk-nginx/config/basic-helk:/etc/nginx/sites-available/default
HELK v0.1.3-alpha08032018 All + Moved all to docker folder. Getting ready to start sharing other ways to deploy helk (terraform & Packer maybe) Compose-files + Basic & Trial Elastic Subscriptions available now and can be automatically managed via the helk_install script ELK Version : 6.3.2 Elasticsearch + Set 4GB for ES_JAVA_OPTS by default allowing the modification of it via docker-compose and calculating half of the host memory if it is not set + Added Entrypoint script and using docker-entrypoint to start ES Logstash + Big Pipeline Update by Nate Guagenti (@neu5ron) ++better cli & file name searching ++”dst_ip_public:true” filter out all rfc1918/non-routable ++Geo ASName ++Identification of 16+ windows IP fields ++Arrayed IPs support ++IPv6&IPv4 differentiation ++removing “-“ values and MORE!!! ++ THANK YOU SO MUCH NATE!!! ++ PR: https://github.com/Cyb3rWard0g/HELK/pull/93 + Added entrypoint script to push new output_templates straight to Elasticsearch per Nate's recommendation + Starting Logstash now with docker-entrypoint + "event_data" is now taken out of winlogbeat logs to allow integration with nxlog (sauce added by Nate Guagenti (@neu5ron) Kibana + Kibana yml file updated to allow a longer time for timeout Nginx: + it handles communications to Kibana and Jupyterhub via port 443 SSL + certificate and key get created at build time + Nate added several settings to improve the way how nginx operates Jupyterhub + Multiple users and mulitple notebooks open at the same time are possible now + Jupytehub now has 3 users hunter1,hunter2.hunter3 and password patterh is <user>P@ssw0rd! + Every notebook created is also JupyterLab + Updated ES-Hadoop 6.3.2 Kafka Update + 1.1.1 Update Spark Master + Brokers + reduce memory for brokers by default to 512m Resources: + Added new images for Wiki
2018-08-03 18:13:25 +00:00
- ./helk-nginx/scripts/:/opt/helk/scripts/
entrypoint: /opt/helk/scripts/nginx-entrypoint.sh
ports:
- "80:80"
HELK v0.1.3-alpha08032018 All + Moved all to docker folder. Getting ready to start sharing other ways to deploy helk (terraform & Packer maybe) Compose-files + Basic & Trial Elastic Subscriptions available now and can be automatically managed via the helk_install script ELK Version : 6.3.2 Elasticsearch + Set 4GB for ES_JAVA_OPTS by default allowing the modification of it via docker-compose and calculating half of the host memory if it is not set + Added Entrypoint script and using docker-entrypoint to start ES Logstash + Big Pipeline Update by Nate Guagenti (@neu5ron) ++better cli & file name searching ++”dst_ip_public:true” filter out all rfc1918/non-routable ++Geo ASName ++Identification of 16+ windows IP fields ++Arrayed IPs support ++IPv6&IPv4 differentiation ++removing “-“ values and MORE!!! ++ THANK YOU SO MUCH NATE!!! ++ PR: https://github.com/Cyb3rWard0g/HELK/pull/93 + Added entrypoint script to push new output_templates straight to Elasticsearch per Nate's recommendation + Starting Logstash now with docker-entrypoint + "event_data" is now taken out of winlogbeat logs to allow integration with nxlog (sauce added by Nate Guagenti (@neu5ron) Kibana + Kibana yml file updated to allow a longer time for timeout Nginx: + it handles communications to Kibana and Jupyterhub via port 443 SSL + certificate and key get created at build time + Nate added several settings to improve the way how nginx operates Jupyterhub + Multiple users and mulitple notebooks open at the same time are possible now + Jupytehub now has 3 users hunter1,hunter2.hunter3 and password patterh is <user>P@ssw0rd! + Every notebook created is also JupyterLab + Updated ES-Hadoop 6.3.2 Kafka Update + 1.1.1 Update Spark Master + Brokers + reduce memory for brokers by default to 512m Resources: + Added new images for Wiki
2018-08-03 18:13:25 +00:00
- "443:443"
restart: always
depends_on:
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
- helk-kibana
networks:
helk:
helk-zookeeper:
2019-05-21 04:51:24 +00:00
image: cyb3rward0g/helk-zookeeper:2.2.0
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
container_name: helk-zookeeper
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
restart: always
depends_on:
- helk-logstash
networks:
helk:
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
helk-kafka-broker:
2019-05-21 04:51:24 +00:00
image: cyb3rward0g/helk-kafka-broker:2.2.0
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
container_name: helk-kafka-broker
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
restart: always
depends_on:
- helk-zookeeper
environment:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
KAFKA_BROKER_NAME: helk-kafka-broker
KAFKA_BROKER_ID: 1
KAFKA_BROKER_PORT: 9092
REPLICATION_FACTOR: 1
ADVERTISED_LISTENER: ${ADVERTISED_LISTENER}
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
ZOOKEEPER_NAME: helk-zookeeper
KAFKA_CREATE_TOPICS: winlogbeat, winevent, SYSMON_JOIN, filebeat
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
KAFKA_HEAP_OPTS: -Xmx1G -Xms1G
LOG_RETENTION_HOURS: 4
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
ports:
- "9092:9092"
networks:
helk:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
helk-ksql-server:
2019-05-21 04:51:24 +00:00
image: confluentinc/cp-ksql-server:5.1.3
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
container_name: helk-ksql-server
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
restart: always
depends_on:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
- helk-kafka-broker
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
environment:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
KSQL_BOOTSTRAP_SERVERS: helk-kafka-broker:9092
KSQL_LISTENERS: http://0.0.0.0:8088
KSQL_KSQL_SERVICE_ID: wardog
KSQL_CUB_KAFKA_TIMEOUT: 300
KSQL_KSQL_COMMIT_INTERVAL_MS: 2000
KSQL_KSQL_CACHE_MAX_BYTES_BUFFERING: 10000000
KSQL_KSQL_STREAMS_AUTO_OFFSET_RESET: earliest
2019-05-21 04:51:24 +00:00
KSQL_HEAP_OPTS: -Xmx1g
2020-01-03 17:19:57 +00:00
KSQL_OPTS: "-Dconfluent.support.metrics.enable=false"
HELK 6.2.4-050318 ## Overall + Removed the Init files dependencies on all containers + Added more resources to the resources folder (papers and presentations) + Updated to-do list on main README + Removed Static Network setting. Addressing overlapping network issues (https://github.com/Cyb3rWard0g/HELK/issues/43) + Updated WIki and added new images to it + Started documenting potential error messages or bugs with a few quick fixes ## Helk Install Script + Script now collects information about Available Memory and Disk size for LINUX host ONLY. it only continues if the box hosting the HELK has at least 12GB of RAM and 50GB of Disk Available. (This can be overwritten manually by just editing the helk_install script before installing the HELK) ## ELK Stack + Started using Elastic Docker Images as a base + Updated ELK stack to 6.2.4 version + X-Pack Basic Free License attached to build automatically + Monitoring capabilities are now enabled in the build (Reason why Cerebro went away) ## Spark + Integrated Spark Standalone Cluster Manager + Spark Node running with Jupyter Notebook now points to the Helk-Spark-Master container for any execution of code + Added Spark Master and Worker Docker Images + Build runs now with 2 Workers and 1 Master by default. + Apache Arrow is enabled for Pandas Dataframe optimization + Created Spark-Base Docker Image (Applied to the Jupyter Image) ## Kafka + Kafka Container was split in Kafka Brokers and one Zookeeper + Helk runs with 2 Kafka Brokers and 1 Zookeeper by default ## Jupyter Container + Preparing to add Zeppelin Notebook. the Analytics container is now named Jupyter. It uses the Spark-Base image to build on the top and install the necessary packagess + New packages were added: ++ nxviz ++ hiveplot ++ pyarrow + Apache Arrow is not enabled on the Jupyter node to be able to optimize the use of Pandas DataFrames
2018-05-03 19:54:12 +00:00
ports:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
- 8088:8088
networks:
helk:
helk-ksql-cli:
2019-05-21 04:51:24 +00:00
image: confluentinc/cp-ksql-cli:5.1.3
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
container_name: helk-ksql-cli
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
depends_on:
- helk-ksql-server
environment:
2019-05-21 04:51:24 +00:00
KSQL_HEAP_OPTS: -Xmx1g
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
entrypoint: /bin/sh
tty: true
networks:
helk:
2019-05-21 04:51:24 +00:00
helk-jupyter:
build: helk-jupyter/
container_name: helk-jupyter
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
2019-05-21 04:51:24 +00:00
environment:
2020-01-11 02:26:15 +00:00
JUPYTER_TYPE: notebook
2019-05-21 04:51:24 +00:00
JUPYTER_BASE_URL: /jupyter
volumes:
- notebooks:/opt/helk/jupyter/notebooks
2019-05-21 04:51:24 +00:00
restart: always
depends_on:
- helk-logstash
networks:
helk:
helk-spark-master:
image: cyb3rward0g/helk-spark-master:2.4.3
container_name: helk-spark-master
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
2019-05-21 04:51:24 +00:00
environment:
SPARK_MASTER_PORT: 7077
SPARK_MASTER_WEBUI_PORT: 8080
ports:
- "8080:8080"
restart: always
depends_on:
- helk-logstash
networks:
helk:
helk-spark-worker:
image: cyb3rward0g/helk-spark-worker:2.4.3
container_name: helk-spark-worker
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "1m"
2019-05-21 04:51:24 +00:00
environment:
SPARK_MASTER: spark://helk-spark-master:7077
SPARK_WORKER_MEMORY: 1g
SPARK_WORKER_WEBUI_PORT: 8081
SPARK_WORKER_PORT: 42950
restart: always
depends_on:
- helk-spark-master
networks:
helk:
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
networks:
helk:
driver: bridge
volumes:
esdata:
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
driver: local
notebooks:
driver: local
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
secrets:
elasticsearch.yml:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
file: ./helk-elasticsearch/config/elasticsearch.yml
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
kibana.yml:
v0.1.6-alpha12132018 HELK base image + Updated to 0.0.3 HELK ELK Version + Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released) helk_install + Users can now select between two deployments: ++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT) ++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER) + Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option. helk-elastalert + Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g helk-elasticsearch + consolidated main configs in one + added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK. helk-logstash + updated to 6.5.3 + simplified pipeline to have only one folder + logstash-entrypoint script can now enable elastic password on all logstash output conf files. + New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT) helk-nginx + split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base) helk-kibana + Updated to version 6.5.3 + Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic helk-jupyter + updated Jupyterlab to 0.35.4 + updated jupyterhub to 0.9.4 + updated jupyterlab hub extension to 0.12.0 + updated ES_HADOOP to 6.5.3 + updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0 + Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time helk-kafka-base + reduced docker container size + updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper) helk-kafka-broker + User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own. helk-zookeeper + reduced size of container + updated build to kafka 2.1.0 helk-KSQL + initial integration of KSQL + KSQL Server and KSQL CLI are available + Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
file: ./helk-kibana/config/kibana.yml
v0.1.3-alpha08242018 Docker-compose Files Version + Updated version to 3.5 Base Docker Ubuntu Image + Updated to phusion/baseimage version 0.11 (https://github.com/phusion/baseimage-docker/releases/tag/0.11) HELK base image + Updated to 0.0.2 due to Ubuntu upgrade HELK ELK Version + Now using 6.4.0 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-4-0-released?blade=tw&hulk=social) helk_install + Fixed https://github.com/Cyb3rWard0g/HELK/issues/99 helk-elasticsearch + Updated main yml config to set most of the settings via environment variables via docker-compose + Trial docker-compose file now has ELASTICSEARCH_PASSWORD environment variable set/available. Trial Dockerfile was deleted since the elasticsearch_password update is now taken care of by the internal elasticsearch docker script that is comes with the official elasticsearch docker image. + reduced the memory requirements from 4GB to 2GB helk-logstash + entrypoint scripts remove kafka output plugin 7.1.2 and installs version 7.1.1 due to https://github.com/logstash-plugins/logstash-output-kafka/pull/198 ++ this error happens right after upgrading ELK built from 6.3.2 to 6.4.0 helk-jupyter + Added Altair python package + updated Jupyterlab to 0.34.1 + updated jupyterhub to 0.9.2 + updated jupyterlab hub extension to 0.11.0 + updated Spark config to use Graphframes 0.6.0 (https://graphframes.github.io/user-guide.html) + updated spark-kafka library to spark-sql-kafka-0-10_2.11:2.3.1 helk-kafka-base + updated Kafka to 2.0.0 (this affects Kafka brokers and zookeeper) + Created user kafkauser to run kafka containers as non-root helk-kafka-broker + split entrypoint script to have topics creation separate ++ auomated the way how the container checks for the kafka broker port availability. If the port is open, then it attempts to create kafka topics + No need to tail kafka logs to keep the container alive after running the kafka start script. It now just starts the broker via Dockerfile CMD command and stays alive. helk-zookeeper + updated entrypoint to only set the main server config + zookeeper is now started via Dockerfile CMD command
2018-08-24 15:41:25 +00:00
htpasswd.users:
file: ./helk-nginx/htpasswd.users