
How To Setup Suricata Intrusion Detection System | Security SIEM Detection Lab Setup #5

We will set up the Suricata intrusion detection system, and I will also show you the important data and alerts that you get from it.
Resources:
- Install on Ubuntu: kifarunix.com/install-and-set...
- Synesis Lite for Suricata: github.com/robcowart/synesis_...
- Install ELK with Ansible: • Auto Install ELK Stack...
Connect and direct message me on LinkedIn: / howard-mukanda-24503144
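An added example, not code from the video, its linked guides, or the synesis_lite project, of what "the important data and alerts" look like when you read Suricata's own output rather than a dashboard: it parses EVE JSON alert records, flattens the fields the dashboards chart (signature, severity, source and destination, protocol, HTTP hostname), counts alerts by signature and by source IP, and measures the clock skew between a record's timestamp and a reference clock, which is the first thing to check when events exist on the sensor but do not show up in Kibana's time window. The sample records, SIDs and signature names are constructed for the example, and the eve.json path mentioned is Suricata's default, assumed here.

```python
"""Triage Suricata EVE JSON alerts: keep event_type=alert, flatten the
fields an analyst reads first, count by signature and source, and check
sensor clock skew.  Added example; SAMPLE_EVE is constructed data."""
import json
from collections import Counter
from datetime import datetime

# Constructed sample lines in the EVE layout Suricata writes to
# /var/log/suricata/eve.json (one JSON object per line).  SIDs and signature
# names are sample values, not taken from any ruleset; the truncated last
# line mimics a half-written record seen when tailing a live file.
SAMPLE_EVE = r"""
{"timestamp":"2020-05-01T10:00:01.123456+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2},"http":{"hostname":"example.com","url":"/","http_method":"GET"}}
{"timestamp":"2020-05-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51235,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}
{"timestamp":"2020-05-01T10:00:03.500000+0000","event_type":"alert","src_ip":"198.51.100.7","src_port":4444,"dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.7","src_port":4445,"dest_ip":"10.0.0.6","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":40000,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"LAB TEST outbound beacon (constructed)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2020-05-01T10:00:06.0
"""


def parse_ts(ts):
    """Parse an EVE timestamp such as 2020-05-01T10:00:01.123456+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_eve(text):
    """Yield EVE records, skipping blank or unparseable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or foreign line; do not abort the whole file


def alerts(text):
    """Only event_type=alert records; flow/dns/http events are dropped."""
    return [r for r in parse_eve(text) if r.get("event_type") == "alert"]


def triage_row(rec):
    """Flatten one alert into the columns an analyst reads first."""
    a = rec["alert"]
    return {
        "ts": rec["timestamp"],
        "severity": a["severity"],  # 1 is the most severe
        "sid": a["signature_id"],
        "signature": a["signature"],
        "category": a["category"],
        "src": f'{rec["src_ip"]}:{rec.get("src_port", "")}',
        "dest": f'{rec["dest_ip"]}:{rec.get("dest_port", "")}',
        "proto": rec.get("proto"),
        # the http block is only present when the alert fired on HTTP traffic
        "http_host": rec.get("http", {}).get("hostname"),
    }


def summarise(recs):
    """Top-N views: alerts per signature, per source IP, and worst severity."""
    by_sig = Counter(r["alert"]["signature"] for r in recs)
    by_src = Counter(r["src_ip"] for r in recs)
    worst = min((r["alert"]["severity"] for r in recs), default=None)
    return by_sig, by_src, worst


def timestamp_skew_seconds(rec, reference):
    """Seconds between the sensor's timestamp on a record and a reference
    clock (for example the SIEM host's time).  A large value means the
    sensor and SIEM clocks disagree, so events land outside the time range
    Kibana is showing even though they were indexed."""
    return (reference - parse_ts(rec["timestamp"])).total_seconds()


if __name__ == "__main__":
    recs = alerts(SAMPLE_EVE)
    for row in sorted((triage_row(r) for r in recs), key=lambda x: x["severity"]):
        print(row)
    by_sig, by_src, worst = summarise(recs)
    print("by signature:", by_sig.most_common())
    print("by source:", by_src.most_common())
    print("worst severity:", worst)
```

Run it against a real file by replacing SAMPLE_EVE with the contents of /var/log/suricata/eve.json; the parser deliberately skips the truncated trailing line a `tail -f` reader will often see, instead of failing on it.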

Comments: 64

  • @yhytuncer (4 years ago)

    Great video, and please keep making more of these videos!!! 👏👏👏👏👏

  • @Polacekad (3 years ago)

    I love your videos. Please keep on!

  • @user-vc4eu8oy5e (10 months ago)

    Good material. I am an application architect and learn a lot from this video.

  • @alebored1710 (3 years ago)

    You're awesome, man, this information is amazing

  • @TechnoTim (4 years ago)

    Nice work!

  • @elriver1987 (3 years ago)

    Hello, good afternoon. Very good video, I followed it to the letter. Perfect.

  • @ITHunt- (3 years ago)

    Nice video, bro. Thank you

  • @chanceleram (2 years ago)

    Another amazing video

  • @yhytuncer (4 years ago)

    Great video

  • @metallusmelandril7380 (2 years ago)

    Damn bro! Best tutorial

  • @ITSecurityLabs (2 years ago)

    Thank you

  • @codecracka (3 years ago)

    Hey. This video is extremely helpful. Thank you so much for making it. I followed it to the T and got everything working. However, it appears there is an issue with the latest version of Java and Logstash. Logstash is broken with Java version 11.0.9+11. I am running the latest version of Ubuntu 18.04. Any ideas? I'd be happy to send you the logs.

  • @bilalabudan9645 (3 years ago)

    Hey, is it possible to use this without Logstash? I have an environment that goes from Filebeat directly to Elasticsearch. If possible, can you please do a video for it? Thanks so much.

  • @wartlme (1 year ago)

    Thanks for posting. I like your style/system of setting up a network. I use Proxmox and am going to apply this to my system.

  • @Urbancorax2 (3 years ago)

    Hey! Great video! Can you make a video on Kibana configuration, please? Ubuntu - Suricata - Filebeat(?) - Kibana? Is that how it works? Also, is there a way to collect logs from Suricata, send them over to a main server where Kibana is installed, and import the logs into Kibana? I really need to know. Thank you!

  • @AjeetSingh-ik4zi (3 years ago)

    Hi, how can I set up a DDoS attack rule in Suricata version 4.1 on CentOS? I used the default rules which were created by Suricata itself. Could you please help me with the above problem? Another query: sometimes I am able to see the detection and alert for our network in Suricata, but when I try to attack from a remote machine to our network, it is not detected and I am also not getting traffic in Suricata. Suricata is running on ESXi, and promiscuous mode is enabled on ESXi.

  • @samiam9059 (2 years ago)

    Like the theory, but between memory leaks and over-utilization of memory I had to put Snort back.

  • @yalande (3 years ago)

    Hello, when I run the make install-rules command I get an error saying the file is not in gzip format. How do I get around this, please?

  • @AjeetSingh-ik4zi (3 years ago)

    Hi, I use Suricata on ESXi and I have enabled promiscuous mode on the ESXi vSwitch. We have direct connectivity from ESXi to the core switch, which is connected to the WAN firewall, and I have already configured a SPAN on the core switch with the WAN interface as input and the interface where the ESXi NIDS is connected as the output filter. In some cases I am able to see the other ESXi traffic on my NIDS, which belongs to my same infrastructure, but the VMs' traffic (these VMs are running on a different ESXi) is not visible on my NIDS. Note: when I generate traffic on the ESXi that belongs to the same host I can't see the traffic on the NIDS, but sometimes I am able to see attacks on these ESXi hosts and those are captured on the NIDS. I don't know what the problem is here. Could you please help me with this?

  • @Autonomous4kpsf (6 months ago)

    Nice video. Are you able to do one with a firewall?

  • @periklhsvasilakis8115 (4 years ago)

    It would be great if you could do a video on this essential step (port mirroring) for Cisco Meraki and pfSense... Thank you! I would love to have some info for the Ubiquiti Dream Machine Pro, but from your videos I don't think that you have that machine.....

  • @shanemckay7838 (4 years ago)

    maofeichen.com/network/2019/07/30/pfsense-traffic-mirroring.html

  • @periklhsvasilakis8115 (4 years ago)

    @@shanemckay7838 Thanks for your reply! Do you know how I can also do it using the Dream Machine Pro from Ubiquiti?

  • @mohammedalharbi9334 (3 years ago)

    Hey, I want to install and implement this on CentOS 7 :( Help me. Thank you.

  • @devopstechy5463 (3 years ago)

    @All, is there a way we can implement it on AWS somehow? But I have all servers attached to public subnets. If there is a way, please let me know. Thanks in advance.

  • @periklhsvasilakis8115 (4 years ago)

    Wondering, for all systems of this kind (IDS), do we just have to connect it to the same switch where our network is? So just connecting it to a switch will work? Or do we need a firewall in front and some configuration on it? If yes, what do we have to do? I like the Ubiquiti Dream Machine Pro and pfSense.... Can you please do a video for it? Thank you.

  • @ITSecurityLabs (4 years ago)

    Yes, you can mirror traffic from any switch on your network that supports port mirroring. However, you want to be strategic, say, monitor the LAN to WAN ports.

  • @jamcast725 (3 years ago)

    Can you port mirror on VMware Workstation Pro?

  • @erickufta8659 (3 years ago)

    How does this compare to the Suricata module that can be enabled in Filebeat? Helpful video, thanks!

  • @ITSecurityLabs (3 years ago)

    It works the same way. This comes with a parser that gives us more data fields, and also preset Kibana dashboards in addition to the ones that Elastic provides us.

  • @malharpatel7723 (11 months ago)

    Brother, how do I set up this same thing in Security Onion? I think my Security Onion already has this installed by default, and I want to set it up like yours.

  • @nunosantos4782 (4 years ago)

    HEY! My dashboards are all OK except the HTTP one. It does not show any values.

  • @peterocephas9788 (11 months ago)

    Hello sir, can this work in Wazuh?

  • @MrRafaelassuncion (4 years ago)

    Hey dude! I already have a pfSense with Suricata installed. How can I get my data from there and put it in the dashboard?

  • @shanemckay7838 (4 years ago)

    I found this tutorial to ship Suricata logs from pfSense to Logstash via Filebeat. I haven't tried it yet, but perhaps this could merge with these Kibana dashboards: villekaaria.eu/2019/03/24/suricata-logs-to-logstash-with-filebeat-on-pfsense-2-4
    How to create a SPAN port on pfSense: maofeichen.com/network/2019/07/30/pfsense-traffic-mirroring.html

  • @christianclark566 (3 years ago)

    I.T Security Labs, have you made a video on how to do this?

  • @waltergauti4369 (4 years ago)

    So will it be necessary to implement Winlogbeat or Auditbeat when you have this done?

  • @ITSecurityLabs (4 years ago)

    Walter Gauti, yes. This will analyze network communications. You also need host-level visibility on critical systems.

  • @T1000cy (2 years ago)

    How do I get all traffic from a MikroTik router to Suricata?

  • @mohammedfarhanaslam676 (3 months ago)

    Need your help

  • @emmanuelatala4043 (4 years ago)

    I have Filebeat, Logstash and Suricata running and I can see the traffic in tcpdump, but Kibana is not populating. Any suggestions? Thank you for this great content.

  • @ITSecurityLabs (4 years ago)

    Two things to check. Did the indexes get created in Kibana? Also, are all your machines' time zones synchronized, i.e. do the logs have the same correct time as Kibana?

  • @emmanuelatala4043 (4 years ago)

    @@ITSecurityLabs The time zones are synced and there's no index for Suricata.

  • @ITSecurityLabs (4 years ago)

    Emmanuel Atala, did you remove the default Logstash config? Comment out everything in /etc/logstash/conf.d

  • @emmanuelatala4043 (4 years ago)

    @@ITSecurityLabs I did and got the same result. Not sure what else might be wrong; I went through the tutorial again and still, traffic is still being sent out to the SIEM, so everything up to that point seems to be working.

  • @emmanuelatala4043 (4 years ago)

    @@ITSecurityLabs I got it working. I had issues because I had the latest Ubuntu Server on the Suricata server and some weird Java errors on the SIEM server. Thanks for your response and keep up the great content.

  • @this_is_elvis (3 years ago)

    Hey man, very good videos..... mine is not working :(

  • @mahimfiroj1802 (3 years ago)

    At 23:30, why did you escape number 3?

  • @giaitrit (1 year ago)

    I installed it, but it is not running.

  • @amithkumarthatikonda9249 (3 years ago)

    Hi sir

  • @nanapee2319 (4 years ago)

    @I.T Security Labs For some reason I cannot reach my Kibana web page.

  • @ITSecurityLabs (4 years ago)

    nana Poku, is the Kibana service running? What is the output of "service kibana status"?

  • @nanapee2319 (4 years ago)

    @@ITSecurityLabs Yes, it is active and running.

  • @nanapee2319 (4 years ago)

    @@ITSecurityLabs I got it working. But the strange thing is that I cannot access it from the host machine anymore, which I used to. Now it can only be accessed from the guest (Windows 10) machine in VMware.

  • @andersgjerlw9636 (4 years ago)

    Are all those Suricata rules reflected/mirrored in the iptables conf file? For newbies like me, I would appreciate it if you did "waste" our time, because I would want a detailed step-by-step on how to get all the programs to work and report back to Elastic. I'm not good in Linux and I don't know the specific commands needed to follow every step you have in this video to get into the correct directory, I mean those you did not show because you wanted to save time. Also, do all those ports need to be port forwarded on your router or in your Windows firewall settings?

  • @ITSecurityLabs (4 years ago)

    I can help. What do you need help with? The whole Suricata config?

  • @andersgjerlw9636 (4 years ago)

    @@ITSecurityLabs I'm asking for when I'm going to set up a SIEM solution with all this as my guide; I would like it as detailed and step-by-step as possible. So not right now, but thank you very much for offering your time to help a stranger on KZread.

  • @rubenlozano2238 (3 years ago)

    @@ITSecurityLabs Hello, if you can help me: I am implementing meerkat, and I have some doubts about making everything work.

  • @arvindarvi4295 (4 months ago)

    Hi, I'm not using VMware, I'm using a Proxmox server.

  • @ITSecurityLabs (4 months ago)

    It should still work in Proxmox.

  • @rieflagustiawan1355 (2 years ago)

    Hello, why is there no Suricata log in my dashboard, whereas on my Suricata VM the log shows detections when I run the command "tail -f /var/log/suricata/fast.log"? Please respond; where is the missed step? I did every step that you described. Thanks.

  • @salahmostafa1956 (1 year ago)

    Great content!! For some reason the synlite Logstash output is getting a 401 authentication error. Any tip to help solve it?

  • @ITSecurityLabs (1 year ago)

    Hard to tell, can you post your output?