hotrock is Event Intelligence
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| charts | 1.0.1 | Aug 15, 2019 |
| client | Removing duplicate folders | Sep 30, 2019 |
| docs | | |
| server | Minor fixes | Sep 30, 2019 |
| .gitignore | Initial release | Jun 27, 2019 |
| CCLA.md | Initial Load | Jun 12, 2019 |
| CHANGELOG.md | 1.0.1 | Aug 15, 2019 |
| Code_of_Conduct.md | Typo Correction | Jun 12, 2019 |
| Contributing_Guidelines.md | 1.0.0 | Aug 15, 2019 |
| Developer_Certificate_of_Origin.md | Initial load | Jun 12, 2019 |
| GNU AFFERO GENERAL PUBLIC LICENSE.md | 1.0.0 | Aug 15, 2019 |
| Governance.md | | |
| ICLA.md | Initial Load | Jun 12, 2019 |
| README.md | Minor fixes | Sep 30, 2019 |
| contributing.md | Rename Contributing_Guidelines.md to contributing.md | Jul 31, 2019 |
| hotrock-overview.png | Initial release | Jun 27, 2019 |
| license.md | Rename GNU AFFERO GENERAL PUBLIC LICENSE.md to license.md | Jul 31, 2019 |
| pull_request_checklist.md | Typo correction | Jun 13, 2019 |


hotrock

About

You've got events, alerts, metrics... heaps at every turn. Let's put them to work.

hotrock seeks to address the challenge of transforming raw logs, alerts and time-series data into real intelligence without the traditional limitations of scale, extensibility or high cost.

  • Central source-of-truth across disparate cloud/application/service *aaS platforms
  • Easy to stand up, low-maintenance
  • Integrate with leading ITSM solutions
  • Leverage open source with a cloud-native approach
  • Scale through containerization and serverless compute
  • Secure, end-to-end

Overview

Getting Started

See docs to get started.

Requirements & Resources

This repository contains files to build a Kubernetes Cluster in AWS for the purpose of storing and presenting data with an EFK stack.

The steps below walk you through building your own EFK stack, which by default is able to ingest logs over the internet from an HTTP client. Fluentd's chart/configuration can, however, be modified to support most methods of shipping logs. The result is not meant to be production-ready; it is a jumping-off point for building and maintaining your own stack.

hotrock requires and consumes the following resources.

Terraform:

And AWS resources:

  • AWS Route 53
  • AWS VPC (dedicated)
  • AWS Classic LB
  • AWS EC2, EBS
  • AWS EKS
  • AWS Lambda

And Kubernetes resources:

Some alterations to the files in this project may be needed for other versions. This was tested on versions:

  • AWS EKS v1.13.x
  • Elasticsearch v7.2.1
  • Kibana v7.2.0
  • Filebeat (server logs) v7.2.1
  • Wazuh v3.9.3
  • Helm v2.13.x+
  • FluentD v1.3.x
  • Elastic Beats v7.1

Assumptions / Limitations

  • You have previous experience working with Kubernetes and Helm charts.
  • Kibana, Fluentd (HTTP/JSON log ingestion), and Wazuh (event auth and events) will be accessible from the internet through the Nginx Ingress Controller.
  • You want to deploy this stack programmatically through API calls with cURL. The only thing you need to do in a GUI is to select the default Index Pattern in Kibana.
  • You want the option of creating fairly strict RBAC resources to have a reasonably secure foundation for your EFK environment.
  • You enjoy having an A+ on SSL Labs.