bruneaug edited this page Aug 12, 2024 · 5 revisions

Troubleshooting Guides for DShield Sensor, DShield SIEM, Docker & Linux Commands

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Troubleshooting_SIEM_and_Sensor.md

DShield Sensor Traffic Flow

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield-SIEM-Flow.png

DShield SIEM

Main page for installing the SIEM that monitors DShield sensor logs

https://github.com/bruneaug/DShield-SIEM/tree/main?tab=readme-ov-file#dshield-sensor-log-collection-with-elasticsearch

Build a Docker Partition - 300 GB

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/Build_a_Docker_Partition.md#building-a-separate-docker-partition

Configure the elastic-agent

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/Configure-Elastic-Agent.md#add-elastic-agent-to-dshield-sensor

TTYLogs in Kibana

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/Viewing_TTY_Logs_with_Lighttpd.md#viewing-tty-logs-with-lighttpd

ISC IP ThreatIntel

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/ISC_threatintel.md#setup-filebeat-on-elk-server-for-isc-threatintel

Sensor Configuration

Packet Capture with daemonlogger

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/packet_capture.md#packet-capture-with-daemonlogger

VirusTotal Hash Analysis

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/virustotal_cowrie_malware_enrichment.md#virustotal-cowrie-malware-enrichment

Installing & Configuring Zeek

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/Configure_Zeek_DShield_Sensor.md#installing-zeek-on-dshield-sensor

DShield Sensor Log Backup

https://github.com/bruneaug/DShield-SIEM/blob/main/AddOn/Backup_DShield_Sensor_Logs.md#backup-dshield-sensor-logs

Troubleshooting Tips

VMware Workstation Configuration with NAT

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/ELK_VMware_Workstation.md#configuration-of-vwware-workstation-with-nat

Managing Elasticsearch Indices

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Managing_Elastic_Indices.md#managing-elasticsearch-indices

Manually Updating Dashboards

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Manually_Update_Management_Kibana_Saved_Objects.md#updating-dashboard-mapping

Recreating SSL Certificates

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/Recreate_SSL_Certificates.md#updating-elk-components-docker-ssl-certificates

Useful List of Docker Commands

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/docker_useful_commands..md#useful-docker-commands

Configuring SSL in Fleet

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/fleet-server-examples.txt

Example of Port Forwarding to the DShield Sensor

https://github.com/bruneaug/DShield-SIEM/blob/main/Troubleshooting/DShield_Sensor_Port_Forwardng_Example.PNG