pcap_elasticsearch

Packet Capture with Pyshark and Elasticsearch

Network packet capture and analysis are commonly done with tools like tcpdump, snort, and Wireshark. These tools provide the capability to capture packets live from networks and store the captures in PCAP files for later analysis. A much better way to store packets is to index them in Elasticsearch where you can easily search for packets based on…

ossec_on_mac

Installing OSSEC on Mac OS

Sometimes building and deploying open-source systems on the Mac OS can be a bit of a pain. Don’t get me wrong I love the Mac, and most things Apple for that matter. But some of the libraries in the system tool chain are bit outdated. For those of you who want to run OSSEC on OS X Yosemite, you’ll…

kibana4ossec

Create an OSSEC Log Management Console with Kibana 4

It’s been awhile since Kibana 4 was released, so I figured it was about time I updated my OSSEC Log Management Console to use the latest and greatest Kibana. The look and feel of Kibana has changed quite a bit, with a new data discovery mode that let’s you browse your data quickly before you create…

Elasticsearch snapshots

Creating Elasticsearch Snapshots

Benjamin Franklin once wrote “…in this world nothing can be said to be certain, except death and taxes”. In this computerized world of ours, I would add having to backup your data to free up disk space to that list of eventualities. For Elasticsearch users, backups are done using the Elasticsearch snapshot facility. In this…