Roadmap
Nina Barzh edited this page Sep 16, 2023 · 2 revisions
Initially, we do not expect the high data volume usually associated with a SIEM stack. The simplest and safest route is to install Docker and Docker Compose on our production host and connect to it over SSH.
- Choose a host (OS)
- Set up and harden the Docker host
- Install Docker and Docker Compose
- Set up certificates
We can beg, borrow, and steal: fork existing Docker setups, make our changes, and build our own stack for the IPA project. In other words, we start from Wazuh-docker, make the necessary changes, and put a Graylog container between the backend storage and the dashboard.
- Wazuh Indexer (SIEM Backend storage)
- Wazuh Dashboard (Kibana)
- Graylog
- Wazuh Manager/Agents (Wazuh server)
- Grafana
- MISP
- OpenCTI
- TheHive/Cortex
- Velociraptor/Agents
- Shuffle
- InfluxDB/Telegraf