cisagov / LME

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure.
https://www.cisa.gov/resources-tools/services/logging-made-easy

Research ElastAlert 2 integration or another tool for free alerting #412

Closed safiuddinr closed 3 weeks ago

mreeve-snl commented 2 months ago

Ideally we have the following out of this:

  1. podman command to start elastalert:

         podman run --net=es_default -d --name elastalert --restart=always -v $(pwd)/elastalert.yaml:/opt/elastalert/config.yaml -v $(pwd)/rules:/opt/elastalert/rules docker.io/jertel/elastalert2 --verbose

  2. rules for alerting on detections: (./config/elastalert/rules/)
     a. monitor elasticsearch detections
     b. monitor wazuh detections
  3. elastalert config: (./config/elastalert/elastalert.yml)
     a. email out detections trigger
  4. documentation around elastalert for the above
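The following is an added example of what items 2 and 3 above could look like as ElastAlert 2 files; it is not code from the LME project or from the commenter. The Elasticsearch host, credentials, SMTP settings and mail addresses are placeholders, and the index patterns (`.alerts-security.alerts-*` for Elastic Security detection alerts, `wazuh-alerts-*` for Wazuh) and the field names used in the filters are assumptions about what the ElastAlert container would be pointed at, not values taken from this issue.

```yaml
# ./config/elastalert/elastalert.yml  (global ElastAlert 2 config, mounted as /opt/elastalert/config.yaml)
# Placeholder values: es_host, credentials and CA path must be replaced for a real deployment.
rules_folder: /opt/elastalert/rules
run_every:
  minutes: 1          # how often every rule is evaluated
buffer_time:
  minutes: 15         # window of events each run looks back over
es_host: elasticsearch   # assumed service name on the es_default network
es_port: 9200
use_ssl: true
verify_certs: true
ca_certs: /opt/elastalert/certs/ca.crt   # assumed mount; do not disable verification instead
es_username: elastalert                   # placeholder, should be a read-only user plus write on writeback_index
es_password: CHANGEME                     # placeholder
writeback_index: elastalert_status        # ElastAlert's own state/alert history index
alert_time_limit:
  days: 2             # retry failed alert deliveries for up to two days
---
# ./config/elastalert/rules/elastic_detections.yaml
# Email whenever an Elastic Security detection rule produces a new open alert.
name: Elastic Security detection fired
type: any
index: ".alerts-security.alerts-*"        # assumed index pattern for Kibana detection alerts
filter:
  - term:
      kibana.alert.workflow_status: open  # assumed field; ignore alerts already acknowledged/closed
realert:
  minutes: 5          # suppress duplicate mails for the same query_key within 5 minutes
query_key: kibana.alert.rule.name
alert:
  - email
email:
  - soc@example.org                        # placeholder recipient
from_addr: elastalert@example.org          # placeholder sender
smtp_host: smtp.example.org                # placeholder relay
smtp_port: 587
smtp_auth_file: /opt/elastalert/smtp_auth.yaml   # assumed mount holding user/password
alert_subject: "Elastic detection: {0}"
alert_subject_args:
  - kibana.alert.rule.name
alert_text_type: alert_text_only
alert_text: "Detection rule '{0}' (severity {1}) fired for host {2}"
alert_text_args:
  - kibana.alert.rule.name
  - kibana.alert.severity
  - host.name
---
# ./config/elastalert/rules/wazuh_detections.yaml
# Email on Wazuh alerts at level 10 or higher (assumed severity threshold).
name: Wazuh high-severity alert
type: any
index: "wazuh-alerts-*"                   # assumed Wazuh index pattern
filter:
  - range:
      rule.level:
        gte: 10
realert:
  minutes: 5
query_key: rule.id
alert:
  - email
email:
  - soc@example.org                        # placeholder recipient
from_addr: elastalert@example.org          # placeholder sender
smtp_host: smtp.example.org                # placeholder relay
smtp_port: 587
smtp_auth_file: /opt/elastalert/smtp_auth.yaml
alert_subject: "Wazuh alert level {0}: {1}"
alert_subject_args:
  - rule.level
  - rule.description
alert_text_type: alert_text_only
alert_text: "Wazuh rule {0} fired on agent {1}: {2}"
alert_text_args:
  - rule.id
  - agent.name
  - rule.description
```

A few design notes on these assumed files: `type: any` fires on every matching document, which is the right fit for indices that already contain detections rather than raw logs; `query_key` plus `realert` keeps one noisy rule from flooding the mailbox; keeping `verify_certs: true` with a mounted CA means the container never accepts an unverified Elasticsearch endpoint, and putting the SMTP credentials in `smtp_auth_file` keeps them out of the rule files. Before enabling a rule, `elastalert-test-rule --config /opt/elastalert/config.yaml /opt/elastalert/rules/<rule>.yaml` run inside the container shows how many hits it would have produced without sending any mail.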