Enabling Features
This document describes how to enable features within Kibana and the Security stack. To use all of the features (mostly dashboards and reports) within Kibana SIEM, you may have to modify your index mappings.
As an example, you can use the provided Python script to create a new (or modify an existing) Elasticsearch index and update its mappings to support the features and UI components of the Elastic Kibana SIEM feature set. Access this script here:
As an example, you can use the provided Python script to create a new superuser within all services of elk-tls-docker. Access the script here to create a new superuser account:
To access or load Elastic's pre-packaged signals (detection rules), you can run the following script after creating the default space above. This script can be found here:
Now we need to add some data. You can do this the traditional way, by configuring all your systems to point to Logstash, Elasticsearch, or Kibana, or you can use a few shortcuts :)
I am providing two different shortcuts. The first uses a project I wrote called soc-faker, and the other sends data directly to the filebeat service. You can find them both below: