ITRS-Log-Analytics-7.x User Guide
- Data source and application management
- For the two below, either the IP or the HOSTNAME (https://loganalytics-node.test:PORT) can be used, because the IP has been supplied in “alt_names”
- Elasticsearch traffic encryption
- There is also an option to use “127.0.0.1/localhost” and not supply a path to the CA. Verification Mode should then be changed to “none”.
- SIEM Plan
- System security
- Security rules
- MS Windows SIEM rules
- Network Switch SIEM rules
- Cisco ASA devices SIEM rules
- Linux Mail SIEM rules
- Linux DNS Bind SIEM Rules
- Fortigate Devices SIEM rules
- Linux Apache SIEM rules
- RedHat / CentOS system SIEM rules
- Checkpoint devices SIEM rules
- Cisco ESA devices SIEM rule
- Forcepoint devices SIEM rules
- Oracle Database Engine SIEM rules
- Paloalto devices SIEM rules
- Microsoft Exchange SIEM rules
- Juniper Devices SIEM Rules
- Fudo SIEM Rules
- Squid SIEM Rules
- McAfee SIEM Rules
- Microsoft DNS Server SIEM Rules
- Microsoft DHCP SIEM Rules
- Linux DHCP Server SIEM Rules
- Cisco VPN devices SIEM Rules
- Netflow SIEM Rules
- MikroTik devices SIEM Rules
- Microsoft SQL Server SIEM Rules
- PostgreSQL SIEM Rules
- MySQL SIEM Rules
- Intelligence Module
- The fixed part of the screen
- Screen content for regressive algorithms
- Screen content for the Trend algorithm
- Screen content for the neural network (MLP) algorithm
- AI Rules List
- AI Learn
- AI Learn Tasks
- Scenarios of using algorithms implemented in the Intelligence module
- Scheduler Module
- Permission
- Register new algorithm
- Logstash
- Logstash - Input “beats”
- Logstash - Input “network”
- Logstash - Input SNMP
- Logstash - Input HTTP / HTTPS
- Logstash - Input File
- Logstash - Input database
- Logstash - Input CEF
- Logstash - Input OPSEC
- Logstash - Input SDEE
- Logstash - Input XML
- Logstash - Input WMI
- Logstash - Filter “beats syslog”
- Logstash - Filter “network”
- Logstash - Filter “geoip”
- Logstash avoiding duplicate documents
- Logstash data enrichment
- Logstash - Output to Elasticsearch
- Logstash plugin for “naemon beat”
- Logstash plugin for “perflog”
- Single password in all Logstash outputs
- Secrets keystore for secure settings
- Enabling encryption for Apache Kafka clients
- Integrations
- OP5 - Naemon logs
- OP5 - Performance data
- OP5 Beat
- The Grafana installation
- The Beats configuration
- Wazuh integration
- BRO integration
- 2FA authorization with Google Auth Provider (example)
- Cerebro - Elasticsearch web admin tool
- Elasticdump
- Location
- Examples of use
- Copy an index from production to staging with analyzer and mapping
- Backup index data to a file:
- Backup an index to a gzip using stdout
- Backup the results of a query to a file
- Copy a single shard data
- Backup aliases to a file
- Import aliases into ES
- Backup templates to a file
- Import templates into ES
- Split files into multiple parts
- Import data from S3 into ES (using s3urls)
- Export ES data to S3 (using s3urls)
- Import data from MINIO (s3 compatible) into ES (using s3urls)
- Export ES data to MINIO (s3 compatible) (using s3urls)
- Import data from CSV file into ES (using csvurls)
- Copy a single index from an elasticsearch:
- Copy a single type:
- Usage
- All parameters
- Elasticsearch’s Scroll API
- Bypassing self-signed certificate errors
- An alternative method of passing environment variables before execution
- Curator - Elasticsearch index management tool
- Cross-cluster Search
- Sync/Copy
- XLSX Import
- Logtrail
- Tenable.sc
- Qualys Guard
- Embedding dashboard in iframe