securityclippy / elasticintel

Serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch.
GNU General Public License v3.0
140 stars, 24 forks

run this in docker locally #29

Open ssi0202 opened 6 years ago

ssi0202 commented 6 years ago

Not knowing a lot about AWS, but is there anything in here that would make it impossible just to run this in Docker?

securityclippy commented 6 years ago

@ssi0202 hey there! Unfortunately there are a TON of dependencies in the current project that make it nearly impossible to run in just docker. It makes use of a bunch of serverless functions as well as the AWS elasticsearch service in order to make setup and maintenance as painless as possible. I've been contemplating what it would take to move these abilities into Kubernetes, but that's probably going to require a full re-write.

Guessing there's no way you can use AWS? :)

ssi0202 commented 6 years ago

There is always a way, but seeing as I'm a security dude and all, I try to keep the amount of shadow IT I create to a minimum. Thanks for getting back to me. Kubernetes is on the roadmap, so a vote for that from me. Cool project!

/Simon

On Fri, 29 Jun 2018 at 21:52, clippy notifications@github.com wrote: [quoted reply omitted]

cplmayo commented 6 years ago

I am interested in this as well. I am using ELK to collect all of my logs from pfSense and Suricata together and want to enrich and alert on the events based on threat intel, and this solution looks pretty amazing for the enrichment part of it. I don't know what the cost would be to run a personal AWS instance of this, $40-50/month? But if I could run it locally it could reduce my cost.

securityclippy commented 6 years ago

@cplmayo for the first question, cost in aws, it really depends on how much data you're keeping. If you set ES to prune data older than 14-30 days, $40-$50 is probably pretty accurate.

I've got another project I'm currently dumping most of my time into right now, but when that's done (ish) in a month or two, I'm hoping to port most of this to kubernetes. I'll make sure to drop an update when that happens!
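The cost estimate above hinges on pruning Elasticsearch data older than 14-30 days. The following is an added example, not code from the elasticintel project, of the Curator-style age-based pruning a practitioner would run against the cluster: it assumes daily indices named `<prefix>-YYYY.MM.DD` (an assumption; the project's real index naming may differ), selects the ones whose date is older than the retention window, and builds the single `DELETE /idx1,idx2` request that removes them. The index list is constructed for the example. The `delete_indices` helper is included for completeness but is not called here, since it needs a live endpoint; against an AWS Elasticsearch domain it would also need SigV4-signed requests unless the domain's access policy allows the caller by IP.

```python
import re
import urllib.request
from datetime import date, datetime, timedelta

# Constructed sample index list for the example (not from the project).
# Time-based indices follow the assumed <prefix>-YYYY.MM.DD convention;
# ".kibana" has no date and must never be selected for deletion.
SAMPLE_INDICES = [
    "threatintel-2018.06.01",
    "threatintel-2018.06.14",
    "threatintel-2018.06.15",
    "threatintel-2018.06.28",
    "otx-2018.05.30",
    ".kibana",
]

# Assumed naming pattern: lowercase prefix, then "-YYYY.MM.DD".
INDEX_DATE_RE = re.compile(r"^(?P<prefix>[a-z0-9_.-]+?)-(?P<date>\d{4}\.\d{2}\.\d{2})$")


def index_date(name):
    """Return (prefix, date) parsed from a time-based index name, or None
    if the name carries no date (such indices are left alone)."""
    m = INDEX_DATE_RE.match(name)
    if not m:
        return None
    try:
        d = datetime.strptime(m.group("date"), "%Y.%m.%d").date()
    except ValueError:  # e.g. "2018.13.40" matches the regex but is no date
        return None
    return m.group("prefix"), d


def _as_date(today):
    """Accept either a datetime.date or an ISO 'YYYY-MM-DD' string."""
    return today if isinstance(today, date) else date.fromisoformat(today)


def expired_indices(indices, retention_days, today, prefix=None):
    """Return the sorted list of indices strictly older than retention_days
    as of `today`. An index dated exactly `today - retention_days` is kept,
    matching the usual Curator 'older than N days' semantics. If `prefix`
    is given, only indices with that exact prefix are considered."""
    cutoff = _as_date(today) - timedelta(days=retention_days)
    expired = []
    for name in indices:
        parsed = index_date(name)
        if parsed is None:
            continue
        idx_prefix, idx_date = parsed
        if prefix is not None and idx_prefix != prefix:
            continue
        if idx_date < cutoff:
            expired.append(name)
    return sorted(expired)


def delete_request(indices):
    """Build the (method, path) pair for deleting all given indices in one
    call, or None when there is nothing to delete. Deleting nothing must not
    turn into 'DELETE /' which some setups would reject or misinterpret."""
    if not indices:
        return None
    return "DELETE", "/" + ",".join(indices)


def delete_indices(endpoint, indices, timeout=30):
    """Issue the delete against a cluster, e.g. endpoint='http://localhost:9200'.
    Not exercised in this offline example; assumes the caller is allowed to
    reach the cluster without request signing."""
    req = delete_request(indices)
    if req is None:
        return None
    method, path = req
    request = urllib.request.Request(endpoint.rstrip("/") + path, method=method)
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    today = "2018-06-29"
    for days in (14, 30):
        doomed = expired_indices(SAMPLE_INDICES, days, today)
        print(f"retention {days}d:", doomed, "->", delete_request(doomed))
```

With a 14-day window as of 2018-06-29 the cutoff is 2018-06-15, so the two older `threatintel` indices and the `otx` index are selected while `threatintel-2018.06.15` and `.kibana` survive; with 30 days the cutoff is 2018-05-30 and nothing is old enough. Run it on a schedule (cron, or a scheduled Lambda in the serverless layout the maintainer describes) and the retention window becomes the main lever on the monthly bill.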