{"id":1766,"date":"2022-11-11T23:03:00","date_gmt":"2022-11-11T23:03:00","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=1766"},"modified":"2022-11-12T23:54:38","modified_gmt":"2022-11-12T23:54:38","slug":"build-siem-with-opensource-tools-made-easy","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=1766","title":{"rendered":"Build SIEM with OpenSource Tools ..Made easy."},"content":{"rendered":"\n

It’s been a Long time since I was thinking to create a SIEM using opensource tools<\/p>\n\n\n\n

Which has several components – All based on Linux Opensource tools.<\/p>\n\n\n\n

Tools I used and planned to integrate (be patient, take some time to get all running) but we get there slowly and finish testing and using the product.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Graylog – Log Server<\/a>
Wazuh Indexer – Data storage backend<\/a>
Wazuh – Log Analysis<\/a>
Kibana <\/a>– Grafana<\/a> – Visualization
The Hive – Case Management<\/a>
Shuffle – Automation<\/a>
OpenCTI<\/a> \/ MISP<\/a> – Intelligence Enrichment
Uptime Kuma – Health Monitoring<\/a><\/p>\n\n\n\n

Load balancer (LB) Linux-based with Syslog-ng or rsyslog for Logs collection.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Above tools I am using apart from that, I may use Linux Loadbalancer (LB) to Loadbalance the logs from End Network devices, and also wazuh event collection to wazuh-manager from Windows events and logs.<\/p>\n\n\n\n

If you looking for logs to LB, then you need to use TCP (not UDP 514) TCP has a 3-way handshake so LB can detect the failures and LB accordingly.<\/p>\n\n\n\n

For PoC – I will be using All in one Server – Once that integration working and tested, each server will be in a different VM, I also want to use Kubernetes here with Docker for high available or node availability.<\/p>\n\n\n\n

For now, below VM specification for PoC :<\/p>\n\n\n\n

VM Specification :<\/strong><\/p>\n\n\n\n

CPU – 4 Cores<\/p>\n\n\n\n

RAM: 32GB<\/p>\n\n\n\n

HDD: 400GB ( SATA)<\/p>\n\n\n\n

Operating System: Ubuntu 20. X LTS<\/p>\n\n\n\n

Preparation :<\/p>\n\n\n\n

Linux installation – <\/strong><\/p>\n\n\n\n

Download ISO image from Ubuntu.<\/p>\n\n\n\n

Installed basic installation so we add later whatever packages required for our long goal.<\/p>\n\n\n\n

Once Ubuntu is installed and everything ok you get a login prompt.<\/p>\n\n\n\n

If you looking to enable root Login, by default root login is disabled.<\/p>\n\n\n\n

vi \/etc\/ssh\/sshd_config<\/strong> ( I use VI editor – please use whatever ever convenient for usage)<\/p>\n\n\n\n

PermitRootLogin yes<\/strong> <<- remove the # from of this line or change like this once you find the line.<\/p>\n\n\n\n

Press ESC and :wq <\/strong>for quit and write.<\/p>\n\n\n\n

change the password for root<\/p>\n\n\n\n

#password root (enter new password)<\/strong><\/p>\n\n\n\n

restart SSH Service to login using the root login user.<\/p>\n\n\n\n

\/etc\/init.d\/ssh restart<\/strong><\/p>\n\n\n\n

Try (I use putty) SSH using the root user. (now you have root user access and we are ready to install packages).<\/p>\n\n\n\n

Next step we will generate Certs and install WAZUH<\/strong><\/a><\/p>\n\n\n\n

happy Labbing …………………………….!<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

It’s been a Long time since I was thinking to create a SIEM using opensource tools Which has several components – All based on Linux Opensource tools. Tools I used and planned to integrate (be patient, take some time to get all running) but we get there slowly and finish testing and using the product. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1766","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1766"}],"version-history":[{"count":3,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1766\/revisions"}],"predecessor-version":[{"id":1788,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1766\/revisions\/1788"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}