Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix #143, added a temporary container to upload through kibana API

Browse Source
This commit is contained in:
Quim
2019-03-04 15:10:51 +01:00
parent 86e792f5aa
commit 401dfec2c8
3 changed files with 474 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docker-compose.v6.yml
View File

@ -40,13 +40,24 @@ services:
esnet: esnet:
aliases: aliases:
- kibana.local - kibana.local
kibana-config:
image: alpine
container_name: kibana-config
volumes:
- ./resources/elk6/init_kibana.sh:/opt/init_kibana.sh
- ./resources/elk6/kibana_APIonly.json:/opt/kibana_APIonly.json
command: sh -c "apk add --no-cache curl bash && chmod +x /opt/init_kibana.sh && chmod +r /opt/kibana_APIonly.json && cd /opt/ && /bin/bash /opt/init_kibana.sh" # /opt/kibana_APIonly.json"
networks:
esnet:
aliases:
- kibana-config.local
logstash: logstash:
image: docker.elastic.co/logstash/logstash:6.6.0 image: docker.elastic.co/logstash/logstash:6.6.0
container_name: logstash container_name: logstash
volumes: volumes:
- ./resources/elk6/pipeline/:/usr/share/logstash/pipeline - ./resources/elk6/pipeline/:/usr/share/logstash/pipeline
#- ./resources/elk6/logstash.yml:/usr/share/logstash/config/logstash.yml
- ./data/:/opt/vulnwhisperer/data - ./data/:/opt/vulnwhisperer/data
#- ./resources/elk6/logstash.yml:/usr/share/logstash/config/logstash.yml
environment: environment:
- xpack.monitoring.enabled=false - xpack.monitoring.enabled=false
depends_on: depends_on:
@ -64,6 +75,7 @@ services:
"/opt/vulnwhisperer/vulnwhisperer.ini" "/opt/vulnwhisperer/vulnwhisperer.ini"
] ]
volumes: volumes:
- /opt/vulnwhisperer/data/:/opt/vulnwhisperer/data
- ./data/:/opt/vulnwhisperer/data - ./data/:/opt/vulnwhisperer/data
- ./resources/elk6/vulnwhisperer.ini:/opt/vulnwhisperer/vulnwhisperer.ini - ./resources/elk6/vulnwhisperer.ini:/opt/vulnwhisperer/vulnwhisperer.ini
network_mode: host network_mode: host

33
resources/elk6/init_kibana.sh Executable file
View File

@ -0,0 +1,33 @@
#!/bin/bash
#kibana_url="localhost:5601"
kibana_url="kibana.local:5601"
add_saved_objects="curl -u elastic:changeme -k -XPOST 'http://"$kibana_url"/api/saved_objects/_bulk_create' -H 'Content-Type: application/json' -H \"kbn-xsrf: true\" -d @"
#Create all saved objects - including index pattern
saved_objects_file="kibana_APIonly.json"
#if [ `curl -I localhost:5601/status | head -n1 |cut -d$' ' -f2` -eq '200' ]; then echo "Loading VulnWhisperer Saved Objects"; eval $(echo $add_saved_objects$saved_objects_file); else echo "waiting for kibana"; fi
until [ "`curl -I "$kibana_url"/status | head -n1 |cut -d$' ' -f2`" == "200" ]; do
curl -I "$kibana_url"/status
echo "Waiting for Kibana"
sleep 5
done
echo "Loading VulnWhisperer Saved Objects"
echo $add_saved_objects$saved_objects_file
eval $(echo $add_saved_objects$saved_objects_file)
#set "*" as default index
#id_default_index="87f3bcc0-8b37-11e8-83be-afaed4786d8c"
#os.system("curl -X POST -H \"Content-Type: application/json\" -H \"kbn-xsrf: true\" -d '{\"value\":\""+id_default_index+"\"}' http://elastic:changeme@"+kibana_url+"kibana/settings/defaultIndex")
#Create vulnwhisperer index pattern
#index_name = "logstash-vulnwhisperer-*"
#os.system(add_index+index_name+"' '-d{\"attributes\":{\"title\":\""+index_name+"\",\"timeFieldName\":\"@timestamp\"}}'")
#Create jira index pattern, separated for not fill of crap variables the Discover tab by default
#index_name = "logstash-jira-*"
#os.system(add_index+index_name+"' '-d{\"attributes\":{\"title\":\""+index_name+"\",\"timeFieldName\":\"@timestamp\"}}'")

428
resources/elk6/kibana_APIonly.json Executable file
View File

File diff suppressed because one or more lines are too long