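# HELK stack (docker-compose 3.5): Elasticsearch, Logstash and Kibana 7.5.1
# behind an NGINX front end, plus Zookeeper, a Kafka broker and KSQL.
# The secrets (elasticsearch.yml, logstash.yml, kibana.yml, htpasswd.users),
# the `esdata` volume and the `helk` network referenced below are expected to
# be declared at the top level further down in this file.
version: '3.5'

services:
  # Elasticsearch publishes no host ports, so it is reachable only on the
  # internal `helk` network. X-Pack security is disabled below, so any
  # container on that network can talk to it without credentials.
  helk-elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    container_name: helk-elasticsearch
    logging:
      driver: "json-file"
      options:
        max-file: "9"
        max-size: "6m"
    secrets:
      - source: elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
    volumes:
      # named volume for the index data; bind mounts for scripts and JVM options
      - esdata:/usr/share/elasticsearch/data
      - ./helk-elasticsearch/scripts:/usr/share/elasticsearch/scripts
      - ./helk-elasticsearch/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
    entrypoint: /usr/share/elasticsearch/scripts/elasticsearch-entrypoint.sh
    environment:
      - cluster.name=helk-cluster
      - node.name=helk-1
      # basic (free) license; security off -> no TLS and no auth on the ES API
      - xpack.license.self_generated.type=basic
      - xpack.security.enabled=false
    ulimits:
      # -1 = unlimited memlock; nproc/nofile raised, presumably for the ES
      # bootstrap checks — confirm against the mounted elasticsearch.yml
      memlock:
        soft: -1
        hard: -1
      nproc: 20480
      nofile:
        soft: 160000
        hard: 160000
    restart: always
    networks:
      helk:

  helk-logstash:
    image: docker.elastic.co/logstash/logstash:7.5.1
    container_name: helk-logstash
    logging:
      driver: "json-file"
      options:
        max-file: "9"
        max-size: "6m"
    secrets:
      - source: logstash.yml
        target: /usr/share/logstash/config/logstash.yml
    volumes:
      - ./helk-logstash/pipeline:/usr/share/logstash/pipeline
      - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
      - ./helk-logstash/plugins:/usr/share/logstash/plugins
      - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
      - ./helk-logstash/scripts:/usr/share/logstash/scripts
    entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
    environment:
      # switch the JVM from CMS to G1 GC; presumably read by the entrypoint
      # script above — confirm
      - "HELK_LOGSTASH_JAVA_OPTS=-XX:-UseConcMarkSweepGC -XX:-UseCMSInitiatingOccupancyOnly -XX:+UseG1GC"
    ports:
      # Log-shipper input ports, published on every host interface. Restrict
      # them at the host firewall, or bind to a specific address
      # (e.g. "<host-ip>:5044:5044"), if shippers are not expected from
      # everywhere.
      - "5044:5044"
      - "8531:8531"
      - "3515:3515"
    restart: always
    depends_on:
      - helk-kibana
    networks:
      helk:

  # Kibana publishes no host ports; it is reached through helk-nginx.
  helk-kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    container_name: helk-kibana
    logging:
      driver: "json-file"
      options:
        max-file: "9"
        max-size: "6m"
    secrets:
      - source: kibana.yml
        target: /usr/share/kibana/config/kibana.yml
    volumes:
      - ./helk-kibana/objects:/usr/share/kibana/objects
      - ./helk-kibana/scripts:/usr/share/kibana/scripts
      - ./helk-kibana/custom:/usr/share/kibana/custom
    entrypoint: /usr/share/kibana/scripts/kibana-entrypoint.sh
    restart: always
    depends_on:
      - helk-elasticsearch
    networks:
      helk:

  # NGINX is the only HTTP ingress in this file (80/443). The htpasswd.users
  # secret is presumably the basic-auth credential file used by the site
  # config mounted from ./helk-nginx/config/basic-helk — confirm there.
  helk-nginx:
    image: cyb3rward0g/helk-nginx:0.0.7
    container_name: helk-nginx
    logging:
      driver: "json-file"
      options:
        max-file: "9"
        max-size: "6m"
    secrets:
      - source: htpasswd.users
        target: /etc/nginx/htpasswd.users
    volumes:
      - ./helk-nginx/config/basic-helk:/etc/nginx/sites-available/default
      - ./helk-nginx/scripts/:/opt/helk/scripts/
    entrypoint: /opt/helk/scripts/nginx-entrypoint.sh
    ports:
      - "80:80"
      - "443:443"
    restart: always
    depends_on:
      - helk-kibana
    networks:
      helk:

  # Zookeeper publishes no host ports. Note it is ordered after helk-logstash
  # via depends_on, not after the Kafka broker.
  helk-zookeeper:
    image: cyb3rward0g/helk-zookeeper:2.2.0
    container_name: helk-zookeeper
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"
    restart: always
    depends_on:
      - helk-logstash
    networks:
      helk:

  # Kafka broker. 9092 is published on every host interface and no broker
  # authentication is configured in this file, so anything that can reach the
  # host can produce to / consume from these topics; restrict at the host
  # firewall or bind to a specific address if that is not intended.
  helk-kafka-broker:
    image: cyb3rward0g/helk-kafka-broker:2.2.0
    container_name: helk-kafka-broker
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"
    restart: always
    depends_on:
      - helk-zookeeper
    environment:
      # values quoted so YAML never retypes them; compose passes env values
      # to the container as strings either way
      KAFKA_BROKER_NAME: helk-kafka-broker
      KAFKA_BROKER_ID: "1"
      KAFKA_BROKER_PORT: "9092"
      REPLICATION_FACTOR: "1"
      # Substituted from the shell / .env when compose runs; an unset variable
      # expands to an empty string (compose only warns), so set it to the
      # address clients should use to reach the broker.
      ADVERTISED_LISTENER: "${ADVERTISED_LISTENER}"
      ZOOKEEPER_NAME: helk-zookeeper
      # comma-separated topics the broker image creates at start-up
      KAFKA_CREATE_TOPICS: "winlogbeat, SYSMON_JOIN, filebeat, nxlog_mordor"
      KAFKA_HEAP_OPTS: "-Xmx1G -Xms1G"
      LOG_RETENTION_HOURS: "4"
    ports:
      - "9092:9092"
    networks:
      helk:

  # KSQL server. KSQL_LISTENERS binds the REST API on all container interfaces
  # and 8088 is published to the host, so the API is reachable from the host
  # network with no authentication (none is configured here). Containers on
  # the helk network do not need the published port; if only tools on the
  # host itself need it, bind it as "127.0.0.1:8088:8088".
  helk-ksql-server:
    image: confluentinc/cp-ksql-server:5.1.3
    container_name: helk-ksql-server
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "1m"
    restart: always
    depends_on:
      - helk-kafka-broker
    environment:
      KSQL_BOOTSTRAP_SERVERS: "helk-kafka-broker:9092"
      KSQL_LISTENERS: "http://0.0.0.0:8088"
      KSQL_KSQL_SERVICE_ID: wardog
      KSQL_CUB_KAFKA_TIMEOUT: "300"
      KSQL_KSQL_COMMIT_INTERVAL_MS: "2000"
      KSQL_KSQL_CACHE_MAX_BYTES_BUFFERING: "10000000"
      KSQL_KSQL_STREAMS_AUTO_OFFSET_RESET: earliest
      KSQL_HEAP_OPTS: "-Xmx1g"
      # opt out of Confluent's phone-home support metrics
      KSQL_OPTS: "-Dconfluent.support.metrics.enable=false"
    ports:
      - "8088:8088"
    networks:
      helk: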
helk-ksql-cli:
image: confluentinc/cp-ksql-cli:5.1.3
container_name: helk-ksql-cli
|
2019-12-30 20:05:04 +00:00
|
|
|
logging:
|
|
|
|
driver: "json-file"
|
|
|
|
options:
|
|
|
|
max-file: "5"
|
|
|
|
max-size: "1m"
|
v0.1.6-alpha12132018
HELK base image
+ Updated to 0.0.3
HELK ELK Version
+ Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released)
helk_install
+ Users can now select between two deployments:
++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT)
++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER)
+ Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option.
helk-elastalert
+ Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g
helk-elasticsearch
+ consolidated main configs in one
+ added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK.
helk-logstash
+ updated to 6.5.3
+ simplified pipeline to have only one folder
+ logstash-entrypoint script can now enable elastic password on all logstash output conf files.
+ New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT)
helk-nginx
+ split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base)
helk-kibana
+ Updated to version 6.5.3
+ Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic
helk-jupyter
+ updated Jupyterlab to 0.35.4
+ updated jupyterhub to 0.9.4
+ updated jupyterlab hub extension to 0.12.0
+ updated ES_HADOOP to 6.5.3
+ updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0
+ Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time
helk-kafka-base
+ reduced docker container size
+ updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper)
helk-kafka-broker
+ User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own.
helk-zookeeper
+ reduced size of container
+ updated build to kafka 2.1.0
helk-KSQL
+ initial integration of KSQL
+ KSQL Server and KSQL CLI are available
+ Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
|
|
|
depends_on:
|
|
|
|
- helk-ksql-server
|
|
|
|
environment:
|
2019-05-21 04:51:24 +00:00
|
|
|
KSQL_HEAP_OPTS: -Xmx1g
|
v0.1.6-alpha12132018
HELK base image
+ Updated to 0.0.3
HELK ELK Version
+ Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released)
helk_install
+ Users can now select between two deployments:
++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGNIX + ELASTALERT)
++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER)
+ Fixed https://github.com/Cyb3rWard0g/HELK/issues/131 . Users can now set up the Kibana UI User password during installation. Also, user can set the Elasticsearch elastic account password when using the Trial license option.
helk-elastalert
+ Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g
helk-elasticsearch
+ consolidated main configs in one
+ added more environment variables for ELASTIC_PASSWORD and default values in case it is not used to be compatible with the default values applied to HELK.
helk-logstash
+ updated to 6.5.3
+ simplified pipeline to have only one folder
+ logstash-entrypoint script can now enable elastic password on all logstash output conf files.
+ New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT)
helk-nginx
+ split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base)
helk-kibana
+ Updated to version 6.5.3
+ Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic
helk-jupyter
+ updated Jupyterlab to 0.35.4
+ updated jupyterhub to 0.9.4
+ updated jupyterlab hub extension to 0.12.0
+ updated ES_HADOOP to 6.5.3
+ updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0
+ Added extra notebooks to test deployment and provide more information for analyst experiencing Jupyter for the first time
helk-kafka-base
+ reduced docker container size
+ updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper)
helk-kafka-broker
+ User can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. That needs to be defined either in the docker-compose file or while running the docker container on its own.
helk-zookeeper
+ reduced size of container
+ updated build to kafka 2.1.0
helk-KSQL
+ initial integration of KSQL
+ KSQL Server and KSQL CLI are available
+ Blog post coming soon ;)
2018-12-13 21:27:17 +00:00
|
|
|
entrypoint: /bin/sh
|
|
|
|
tty: true
|
|
|
|
networks:
|
|
|
|
helk:
helk-jupyter:
  # Built locally from the helk-jupyter/ directory next to this file.
  build:
    context: helk-jupyter/
  container_name: helk-jupyter
  logging:
    driver: 'json-file'
    options:
      max-file: '5'
      max-size: '1m'
  environment:
    - JUPYTER_TYPE=lab
    # URL prefix the notebook server is served under (presumably behind the
    # helk-nginx reverse proxy; confirm against that config).
    - JUPYTER_BASE_URL=/jupyter
  volumes:
    # Named volume so notebooks survive container rebuilds.
    - notebooks:/opt/helk/jupyter/notebooks
  restart: always
  depends_on:
    - helk-logstash
  networks:
    - helk
helk-spark-master:
  image: cyb3rward0g/helk-spark-master:2.4.3
  container_name: helk-spark-master
  logging:
    driver: 'json-file'
    options:
      max-file: '5'
      max-size: '1m'
  environment:
    # Workers connect to spark://helk-spark-master:7077 on the compose network.
    - SPARK_MASTER_PORT=7077
    - SPARK_MASTER_WEBUI_PORT=8080
  # Publishes the master web UI on every host interface; nothing in this file
  # puts authentication in front of it, so restrict the binding (for example a
  # loopback bind or a host firewall rule) when the host faces untrusted
  # networks. Published ports are not filtered by the host's INPUT chain.
  ports:
    - '8080:8080'
  restart: always
  depends_on:
    - helk-logstash
  networks:
    - helk
helk-spark-worker:
  image: cyb3rward0g/helk-spark-worker:2.4.3
  container_name: helk-spark-worker
  logging:
    driver: 'json-file'
    options:
      max-file: '5'
      max-size: '1m'
  environment:
    # Master address resolved by service name on the compose network; the port
    # has to match SPARK_MASTER_PORT on helk-spark-master.
    - SPARK_MASTER=spark://helk-spark-master:7077
    - SPARK_WORKER_MEMORY=1g
    # Worker UI and RPC ports stay internal to the compose network: no `ports:`
    # entry publishes them on the host.
    - SPARK_WORKER_WEBUI_PORT=8081
    - SPARK_WORKER_PORT=42950
  restart: always
  depends_on:
    - helk-spark-master
  networks:
    - helk
# Single user-defined bridge network shared by all HELK services; containers
# reach one another on it by service name (e.g. helk-spark-master).
networks:
  helk:
    driver: bridge
# Docker-managed named volumes so data outlives container rebuilds.
volumes:
  # Elasticsearch data directory.
  esdata:
    driver: local
  # Jupyter notebooks (mounted by helk-jupyter).
  notebooks:
    driver: local
# Files handed to services as compose secrets; each service selects the ones it
# needs in its own `secrets:` entry. Paths are relative to this compose file.
secrets:
  elasticsearch.yml:
    file: ./helk-elasticsearch/config/elasticsearch.yml
  logstash.yml:
    file: ./helk-logstash/config/logstash.yml
  kibana.yml:
    file: ./helk-kibana/config/kibana.yml
  # nginx basic-auth user database (password hashes), presumably guarding the
  # proxied web UIs. Generate it per deployment and keep the populated file out
  # of version control.
  htpasswd.users:
    file: ./helk-nginx/htpasswd.users