cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo & ELK #2065

Open seantree opened 6 years ago

seantree commented 6 years ago

Hello everyone, is there any guide or reference on how to set up ELK with Cuckoo, so that it will be amazing to see the output? Waiting for a positive reply. Thanks & Regards, Seantree

Ryuchen commented 6 years ago

Cuckoo Sandbox already has an Elasticsearch template.json, so you just need the Elasticsearch official guide to set up Kibana to connect to the local Elasticsearch server. Or do you mean you need the full command-line guide?

jbremer commented 6 years ago

We don't have full-on documentation on this, unfortunately. If somebody would be interested in writing such a document, please do let me know.

SparkyNZL commented 6 years ago

It depends on what you're looking for. Currently the search results already go into ES; I see no reason why you couldn't consume the JSON reports with Filebeat and Logstash, and look at the results in Kibana.

I use the ELK stack on my systems a lot here for reporting etc., and ingesting the JSON files would work until the analysis directory got too big and Filebeat would not keep up monitoring all the analysis folders.

But we can feed some stuff in and see what we can see. The JSON report is formatted correctly, so it should be fairly easy.

If you have Cerebro installed you can manage your indexes better as well and have a look at the templates. Keep in mind things need to be scalable, and ingesting all the data from every JSON report could make for a rather large ES instance.
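
One way to do the ingestion SparkyNZL describes while keeping the index size in check, as an added example that is not code from this thread or from the Cuckoo project: walk the `analyses/*/reports/report.json` files, keep only the summary fields (the `info`, `target` and `signatures` layout of a Cuckoo 2.x report is assumed here), and emit Elasticsearch `_bulk` NDJSON keyed by task id. The `SAMPLE_REPORT` is a constructed stand-in, not a real analysis.

```python
import json
from pathlib import Path

# Constructed, minimal stand-in for a Cuckoo report.json (field layout assumed
# from Cuckoo 2.x reports; the hashes are those of an empty file, not a sample).
SAMPLE_REPORT = {
    "info": {"id": 42, "score": 6.2, "category": "file", "started": "2019-01-01 10:00:00"},
    "target": {"category": "file",
               "file": {"name": "sample.exe",
                        "md5": "d41d8cd98f00b204e9800998ecf8427e",
                        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}},
    "signatures": [{"name": "injection_runpe", "severity": 3, "description": "constructed"}],
    # The per-call behaviour log is what makes full reports huge; it is dropped below.
    "behavior": {"processes": [{"pid": 1234, "calls": [{"api": "NtCreateFile"}] * 5000}]},
}


def summarise(report):
    """Keep the fields worth searching in Kibana; drop the bulky behaviour section."""
    info = report.get("info", {})
    target_file = report.get("target", {}).get("file", {})
    sigs = report.get("signatures", [])
    return {
        "task_id": info["id"],
        "score": info.get("score"),
        "started": info.get("started"),
        "target_name": target_file.get("name"),
        "sha256": target_file.get("sha256"),
        "signatures": [s["name"] for s in sigs],
        "max_severity": max((s.get("severity", 0) for s in sigs), default=0),
    }


def bulk_lines(reports, index="cuckoo-reports"):
    """Turn reports into _bulk NDJSON: one action line, one document line each.
    Using the task id as _id means re-ingesting a report overwrites it instead
    of creating duplicates when the directory is rescanned."""
    lines = []
    for report in reports:
        doc = summarise(report)
        lines.append(json.dumps({"index": {"_index": index, "_id": doc["task_id"]}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"   # _bulk requires a trailing newline


def load_reports(storage_dir):
    """Yield every report.json under <storage>/analyses/<task id>/reports/."""
    for path in sorted(Path(storage_dir).glob("analyses/*/reports/report.json")):
        with open(path) as fh:
            yield json.load(fh)


if __name__ == "__main__":
    # Replace SAMPLE_REPORT with load_reports("~/.cuckoo/storage") on a real host,
    # then POST the body to http://localhost:9200/_bulk as application/x-ndjson.
    print(bulk_lines([SAMPLE_REPORT]))
```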

anust commented 3 years ago

I need an updated ES7 template, as I am working with ES7.