prep for ELK 7.13.4, start full integration of new honeypots

This commit is contained in:
t3chn0m4g3 2021-08-25 15:04:27 +00:00
parent 05a7d33c9f
commit 06ef8850fe
4 changed files with 34 additions and 6 deletions


@ -1,7 +1,7 @@
FROM alpine:3.14 FROM alpine:3.14
# #
# VARS # VARS
ENV ES_VER=7.13.2 \ ENV ES_VER=7.13.4 \
ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk
# Include dist # Include dist


@ -1,7 +1,7 @@
FROM node:14.16.1-alpine FROM node:14.17.2-alpine
# #
# VARS # VARS
ENV KB_VER=7.13.2 ENV KB_VER=7.13.4
# #
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/


@ -1,7 +1,7 @@
FROM alpine:3.14 FROM alpine:3.14
# #
# VARS # VARS
ENV LS_VER=7.13.2 ENV LS_VER=7.13.4
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/
# #


@ -71,6 +71,13 @@ input {
type => "Dicompot" type => "Dicompot"
} }
# Ddospot
file {
path => ["/data/ddospot/log/*.log"]
codec => json
type => "Ddospot"
}
# ElasticPot # ElasticPot
file { file {
path => ["/data/elasticpot/log/elasticpot.json"] path => ["/data/elasticpot/log/elasticpot.json"]
@ -78,6 +85,13 @@ input {
type => "ElasticPot" type => "ElasticPot"
} }
# Endlessh
file {
path => ["/data/endlessh/log/endlessh.log"]
codec => plain
type => "Endlessh"
}
# Glutton # Glutton
file { file {
path => ["/data/glutton/log/glutton.log"] path => ["/data/glutton/log/glutton.log"]
@ -85,6 +99,13 @@ input {
type => "Glutton" type => "Glutton"
} }
# Hellpot
file {
path => ["/data/hellpot/log/hellpot.log"]
codec => json
type => "Hellpot"
}
# Heralding # Heralding
file { file {
path => ["/data/heralding/log/auth.csv"] path => ["/data/heralding/log/auth.csv"]
@ -139,6 +160,13 @@ input {
type => "Rdpy" type => "Rdpy"
} }
# Redishoneypot
file {
path => ["/data/redishoneypot/log/redishoneypot.log"]
codec => json
type => "Redishoneypot"
}
# Host NGINX # Host NGINX
file { file {
path => ["/data/nginx/log/access.log"] path => ["/data/nginx/log/access.log"]
@ -550,7 +578,7 @@ if "_grokparsefailure" in [tags] { drop {} }
} }
# Add T-Pot hostname and external IP # Add T-Pot hostname and external IP
if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" { # if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
mutate { mutate {
add_field => { add_field => {
"t-pot_ip_ext" => "${MY_EXTIP}" "t-pot_ip_ext" => "${MY_EXTIP}"
@ -558,7 +586,7 @@ if "_grokparsefailure" in [tags] { drop {} }
"t-pot_hostname" => "${MY_HOSTNAME}" "t-pot_hostname" => "${MY_HOSTNAME}"
} }
} }
} # }
} }
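Review bot: Commenting out the `if [type] == "Adbhoney" or …` guard (hunk at `-550,7 +578,7`) together with its closing brace `# }` in the last hunk leaves the `mutate { add_field … }` unconditional, so `t-pot_ip_ext` and `t-pot_hostname` are now stamped on every event reaching this point of the filter, including the four newly added input types and anything else not in the old list. If that is the intent, deleting the dead conditional and its brace and replacing them with one line, `# Applies to all event types; new honeypot inputs need no entry here`, reads better than commented-out code that suggests the guard may come back. If only the new types should be enriched, adding `or [type] == "Ddospot" or [type] == "Endlessh" or [type] == "Hellpot" or [type] == "Redishoneypot"` to the list is the narrower change. Separately, the Endlessh input uses `codec => plain` while the other new inputs use `json`; no matching grok or dissect for it is visible in this diff, so unless one exists elsewhere those events will carry only the raw line in `message`. The last hunk appears to continue past the visible lines, so the context after the final `}` could not be checked.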