HELK/docker/helk-kibana-analysis-trial.yml

169 lines
4.7 KiB
YAML

version: '3.5'
services:
helk-elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.6.1
container_name: helk-elasticsearch
secrets:
- source: elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
volumes:
- esdata:/usr/share/elasticsearch/data
- ./helk-elasticsearch/scripts:/usr/share/elasticsearch/scripts
entrypoint: /usr/share/elasticsearch/scripts/elasticsearch-entrypoint.sh
environment:
- cluster.name=helk-cluster
- node.name=helk-1
- xpack.license.self_generated.type=trial
- xpack.security.enabled=true
- "ELASTIC_PASSWORD=${ELASTIC_PASSWORD}"
ulimits:
memlock:
soft: -1
hard: -1
nproc: 20480
nofile:
soft: 160000
hard: 160000
restart: always
networks:
helk:
helk-logstash:
build: helk-logstash/
container_name: helk-logstash
volumes:
- ./helk-logstash/pipeline:/usr/share/logstash/pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
environment:
- xpack.monitoring.elasticsearch.username=logstash_system
- xpack.monitoring.elasticsearch.password=logstashpassword
- "ELASTIC_PASSWORD=${ELASTIC_PASSWORD}"
ports:
- "5044:5044"
- "8531:8531"
restart: always
depends_on:
- helk-kibana
networks:
helk:
helk-kibana:
image: docker.elastic.co/kibana/kibana:6.6.1
container_name: helk-kibana
secrets:
- source: kibana.yml
target: /usr/share/kibana/config/kibana.yml
volumes:
- ./helk-kibana/dashboards:/usr/share/kibana/dashboards
- ./helk-kibana/scripts:/usr/share/kibana/scripts
entrypoint: /usr/share/kibana/scripts/kibana-entrypoint.sh
environment:
KIBANA_UI_PASSWORD: ${KIBANA_UI_PASSWORD}
ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD}
restart: always
depends_on:
- helk-elasticsearch
networks:
helk:
helk-nginx:
image: cyb3rward0g/helk-nginx:0.0.7
container_name: helk-nginx
volumes:
- ./helk-nginx/config/trial-elk:/etc/nginx/sites-available/default
- ./helk-nginx/scripts/:/opt/helk/scripts/
entrypoint: /opt/helk/scripts/nginx-entrypoint.sh
ports:
- "80:80"
- "443:443"
restart: always
depends_on:
- helk-kibana
networks:
helk:
helk-zookeeper:
image: cyb3rward0g/helk-zookeeper:2.1.0
container_name: helk-zookeeper
restart: always
depends_on:
- helk-logstash
networks:
helk:
helk-kafka-broker:
image: cyb3rward0g/helk-kafka-broker:2.1.0
container_name: helk-kafka-broker
restart: always
depends_on:
- helk-zookeeper
environment:
KAFKA_BROKER_NAME: helk-kafka-broker
KAFKA_BROKER_ID: 1
KAFKA_BROKER_PORT: 9092
REPLICATION_FACTOR: 1
ADVERTISED_LISTENER: ${ADVERTISED_LISTENER}
ZOOKEEPER_NAME: helk-zookeeper
KAFKA_CREATE_TOPICS: winlogbeat, SYSMON_JOIN, filebeat, winsysmon, winsecurity
KAFKA_HEAP_OPTS: -Xmx1G -Xms1G
LOG_RETENTION_HOURS: 4
ports:
- "9092:9092"
networks:
helk:
helk-ksql-server:
image: confluentinc/cp-ksql-server:5.1.2
container_name: helk-ksql-server
restart: always
depends_on:
- helk-kafka-broker
environment:
KSQL_BOOTSTRAP_SERVERS: helk-kafka-broker:9092
KSQL_LISTENERS: http://0.0.0.0:8088
KSQL_KSQL_SERVICE_ID: wardog
KSQL_CUB_KAFKA_TIMEOUT: 300
KSQL_KSQL_COMMIT_INTERVAL_MS: 2000
KSQL_KSQL_CACHE_MAX_BYTES_BUFFERING: 10000000
KSQL_KSQL_STREAMS_AUTO_OFFSET_RESET: earliest
KSQL_HEAP_OPTS: -Xmx1g
ports:
- 8088:8088
networks:
helk:
helk-ksql-cli:
image: confluentinc/cp-ksql-cli:5.1.2
container_name: helk-ksql-cli
depends_on:
- helk-ksql-server
environment:
KSQL_HEAP_OPTS: -Xmx1g
entrypoint: /bin/sh
tty: true
networks:
helk:
helk-elastalert:
image: cyb3rward0g/helk-elastalert:0.2.1
container_name: helk-elastalert
restart: always
depends_on:
- helk-logstash
environment:
ES_HOST: helk-elasticsearch
ES_PORT: 9200
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
networks:
helk:
networks:
helk:
driver: bridge
volumes:
esdata:
driver: local
secrets:
elasticsearch.yml:
file: ./helk-elasticsearch/config/elasticsearch.yml
kibana.yml:
file: ./helk-kibana/config/kibana.yml