elasticsearch_kibana

An inventory management example consisting of elasticsearch/kibana + filebeat + osquery

Architecture

This example includes just one test Docker container with osquery preinstalled. The other Docker containers serve unrelated purposes.

Usage:

Prepare

  1. Install Docker

  2. If you are using Docker for Mac or Windows, please allocate enough memory (2GB?) to it, because elasticsearch/kibana use a lot of memory.

  3. Download docker-compose.yml and related files from https://github.com/jjqq2013/misc/tree/master/elasticsearch6.2.2

    git clone https://github.com/jjqq2013/misc
    cd misc/elasticsearch6.2.2

    or if you do not want to clone unrelated files, you can use:

    svn export https://github.com/jjqq2013/misc/trunk/elasticsearch6.2.2
    cd elasticsearch6.2.2

Run

docker-compose up

Then you can use kibana at http://localhost:5601 to browse the data stored in elasticsearch.

The cool things about osquery

osquery can be configured to periodically output only changed information, such as newly installed packages (it can of course also send the complete information).
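How that differential output turns back into an inventory, as an added example that is not part of this repository: it replays constructed osqueryd.results.log lines (made-up host, packages and timestamps) for an assumed scheduled query named `deb_packages`, skips snapshot-mode lines, and classifies each change as an install, upgrade or uninstall.

```python
import json

# Constructed sample of osqueryd.results.log in differential mode: each run emits
# only "added"/"removed" rows; a "snapshot" line is included to show it is skipped.
SAMPLE_LOG = """\
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520244000,"action":"added","columns":{"name":"curl","version":"7.58.0-2ubuntu3"}}
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520244000,"action":"added","columns":{"name":"openssl","version":"1.1.0g-2ubuntu4"}}
{"name":"os_version","hostIdentifier":"test-osquery","unixTime":1520244000,"action":"snapshot","snapshot":[{"name":"Ubuntu","version":"18.04"}]}
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520247600,"action":"removed","columns":{"name":"openssl","version":"1.1.0g-2ubuntu4"}}
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520247600,"action":"added","columns":{"name":"openssl","version":"1.1.0g-2ubuntu4.1"}}
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520251200,"action":"added","columns":{"name":"netcat-traditional","version":"1.10-41"}}
{"name":"deb_packages","hostIdentifier":"test-osquery","unixTime":1520254800,"action":"removed","columns":{"name":"curl","version":"7.58.0-2ubuntu3"}}
"""


def replay_differential_log(log_text, query_name="deb_packages"):
    """Return (inventory, changes): inventory maps (host, package) -> version,
    changes lists (unixTime, host, package, kind, detail) in log order."""
    inventory = {}
    pending_removed = {}  # (unixTime, host, pkg) -> (old version, index in changes)
    changes = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("name") != query_name or ev.get("action") not in ("added", "removed"):
            continue  # other scheduled queries and snapshot results are not inventory deltas
        host, pkg, ver = ev["hostIdentifier"], ev["columns"]["name"], ev["columns"]["version"]
        run_key = (ev["unixTime"], host, pkg)
        if ev["action"] == "removed":
            inventory.pop((host, pkg), None)
            pending_removed[run_key] = (ver, len(changes))
            changes.append((ev["unixTime"], host, pkg, "uninstalled", ver))
        else:
            inventory[(host, pkg)] = ver
            old = pending_removed.pop(run_key, None)
            if old is None:
                changes.append((ev["unixTime"], host, pkg, "installed", ver))
            else:  # removed+added of the same package in one run is a version upgrade
                old_ver, idx = old
                changes[idx] = (ev["unixTime"], host, pkg, "upgraded", f"{old_ver} -> {ver}")
    return inventory, changes


if __name__ == "__main__":
    inv, chg = replay_differential_log(SAMPLE_LOG)
    for c in chg:
        print(c)
    print("current inventory:", inv)
```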

The cool things about elasticsearch/kibana 6.2.2

  • All available search keys and values are automatically listed in the filter input dialog.
  • All available search keys and their top 5 values are automatically listed in the side panel.

So you normally no longer need to type queries in the query language.

Here are some screenshots:
