Skip to content
This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Commit

Permalink
bump to 3.5.0 - add ES 7.x support
Browse files Browse the repository at this point in the history
  • Loading branch information
robcowart committed May 4, 2019
1 parent 89b7797 commit f25f086
Show file tree
Hide file tree
Showing 16 changed files with 77,983 additions and 68,227 deletions.
228 changes: 123 additions & 105 deletions CHANGELOG.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ LABEL org.opencontainers.image.created="$BUILD_DATE" \
org.opencontainers.image.url="https://github.com/robcowart/elastiflow-docker/elastiflow-logstash" \
org.opencontainers.image.documentation="https://github.com/robcowart/elastiflow-docker/elastiflow-logstash/README.md" \
org.opencontainers.image.source="https://github.com/robcowart/elastiflow" \
org.opencontainers.image.version="v3.4.2_6.1.3" \
org.opencontainers.image.version="v3.5.0_6.1.3" \
org.opencontainers.image.vendor="Robert Cowart" \
org.opencontainers.image.title="ElastiFlow™ - Logstash" \
org.opencontainers.image.description=""
Expand Down
178 changes: 92 additions & 86 deletions INSTALL.md

Large diffs are not rendered by default.

24 changes: 12 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
ElastiFlow™ provides network flow data collection and visualization using the Elastic Stack (Elasticsearch, Logstash and Kibana). It supports Netflow v5/v9, sFlow and IPFIX flow types (1.x versions support only Netflow v5/v9).

![ElastiFlow™](https://user-images.githubusercontent.com/10326954/52973891-f42ef900-33bf-11e9-8243-aed047decf3b.png)
![ElastiFlow™](https://user-images.githubusercontent.com/10326954/57181284-fc141a80-6e91-11e9-9ec5-d0864c25a088.png)

I was inspired to create ElastiFlow™ following the overwhelmingly positive feedback received to an article I posted on Linkedin... [WTFlow?! Are you really still paying for commercial solutions to collect and analyze network flow data?](https://www.linkedin.com/pulse/wtflow-you-really-still-paying-commercial-solutions-collect-cowart)

Expand All @@ -31,12 +31,12 @@ The following dashboards are provided.
### Overview

![Overview](https://user-images.githubusercontent.com/10326954/52973920-158fe500-33c0-11e9-96ed-606c01aca7c8.png)
![Overview](https://user-images.githubusercontent.com/10326954/57179336-290a0280-6e7d-11e9-8e34-f4d3f04567f7.png)

### Top-N

There are separate Top-N dashboards for Top Talkers, Services, Conversations and Applications.
![Top-N](https://user-images.githubusercontent.com/10326954/52973927-19bc0280-33c0-11e9-9352-76c483738c24.png)
![Top-N](https://user-images.githubusercontent.com/10326954/57181182-c02c8580-6e90-11e9-8cc6-b32424566dea.png)

### Threats

Expand All @@ -46,39 +46,39 @@ ElastiFlow™ includes a dictionary of public IP addresses that are known to
2. At-Risk Servers - Private Servers that are being reached by clients with a poor IP reputation.
3. High-Risk Clients - Private clients that are accessing public servers which have a poor reputation.

![Threats](https://user-images.githubusercontent.com/10326954/52973930-1c1e5c80-33c0-11e9-8aa8-87252461336c.png)
![Threats](https://user-images.githubusercontent.com/10326954/57181155-865b7f00-6e90-11e9-82f8-bb8e7b2df083.png)

### Flows

There are separate Sankey dashboards for Client/Server, Source/Destination and Autonomous System perspectives. The sankey visualizations are built using the new Vega visualization plugin.
![Flows](https://user-images.githubusercontent.com/10326954/52973933-204a7a00-33c0-11e9-91d8-7b194bd978eb.png)
![Flows](https://user-images.githubusercontent.com/10326954/57180877-65455f00-6e8d-11e9-9411-ca2b952748e7.png)

### Geo IP

There are separate Geo Loacation dashboards for Client/Server and Source/Destination perspectives.
![Geo IP](https://user-images.githubusercontent.com/10326954/52973940-27718800-33c0-11e9-88d9-466396e080e6.png)
![Geo IP](https://user-images.githubusercontent.com/10326954/57180209-cf0e3a80-6e86-11e9-8b7b-acd3a82181af.png)

### AS Traffic

Provides a view of traffic to and from Autonomous Systems (public IP ranges)
![AS Traffic](https://user-images.githubusercontent.com/10326954/52973944-2cced280-33c0-11e9-9e95-e2f17fbb7ea6.png)
![AS Traffic](https://user-images.githubusercontent.com/10326954/57180844-17305b80-6e8d-11e9-875e-a715d0c66a25.png)

### Exporters
### Flow Exporters

![Flow Exporters](https://user-images.githubusercontent.com/10326954/52973950-322c1d00-33c0-11e9-954d-7446f0bc2e23.png)
![Flow Exporters](https://user-images.githubusercontent.com/10326954/57180767-51e5c400-6e8c-11e9-9c06-6c34ec6ea922.png)

### Traffic Details

![Traffic Details](https://user-images.githubusercontent.com/10326954/52973955-35bfa400-33c0-11e9-89db-74e8754a7c25.png)
![Traffic Details](https://user-images.githubusercontent.com/10326954/57180793-86598000-6e8c-11e9-9dc1-341abafbd20e.png)

### Flow Records

![Flow Records](https://user-images.githubusercontent.com/10326954/52973958-38ba9480-33c0-11e9-96b3-9de9f2dceca6.png)
![Flow Records](https://user-images.githubusercontent.com/10326954/57180815-bf91f000-6e8c-11e9-823d-6fb10d5a9d16.png)

### Ziften ZFlow

ElastiFlow™ v3.4.0 added support for IPFIX records from Ziften's ZFlow agent. In addition to being fully integrated with the standard dashboards, a stand-alone ZFlow dashboards displays network traffic based on user and command data provided by ZFlow.
![Ziften ZFlow](https://user-images.githubusercontent.com/10326954/52973968-3ce6b200-33c0-11e9-98c5-20179ae80db3.png)
![Ziften ZFlow](https://user-images.githubusercontent.com/10326954/57181212-0da8f280-6e91-11e9-8725-4e06b22fc64b.png)

## Attribution

Expand Down
10 changes: 9 additions & 1 deletion SERVICES.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,14 @@ VyoPath, Inc.
9689 Avalon Drive
Frisco, Texas 75035
Phone: 469.850.2419
Phone: +1 469 850 2419
Email: [email protected]
````
# ElastiFlow™ Services Consultants
Independent ElastiFlow™ Services Consultants provide commercial deployment services and support for ElastiFlow.
Consultant | Location | Email
--- | --- | ---
Dmitry Vasilets | Berlin, Germany | [email protected]
1 change: 1 addition & 0 deletions SPONSORS.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,4 @@ I have received many notes of thanks for the ElastiFlow™ project. However
* Radek Černík
* Ian Graham
* CSIRT Gadgets, LLC
* Dmitriy Vasilets
10 changes: 7 additions & 3 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ version: '3'

services:
elastiflow-elasticsearch-oss:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.7.1
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.0.1
container_name: elastiflow-elasticsearch-oss
restart: 'no'
ulimits:
Expand All @@ -41,11 +41,15 @@ services:

network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'

indices.query.bool.max_clause_count: 8192
search.max_buckets: 100000

action.destructive_requires_name: 'true'

elastiflow-kibana-oss:
image: docker.elastic.co/kibana/kibana-oss:6.7.1
image: docker.elastic.co/kibana/kibana-oss:7.0.1
container_name: elastiflow-kibana-oss
restart: 'no'
depends_on:
Expand All @@ -62,7 +66,7 @@ services:
LOGGING_QUIET: 'true'

elastiflow-logstash-oss:
image: robcowart/elastiflow-logstash-oss:3.4.2_6.1.3
image: robcowart/elastiflow-logstash-oss:3.5.0_6.1.3
container_name: elastiflow-logstash-oss
restart: 'no'
depends_on:
Expand Down
2 changes: 1 addition & 1 deletion docker_build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@
# Robert Cowart are Copyright (C)2019 Robert Cowart. All Rights Reserved.
#------------------------------------------------------------------------------

docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') -t robcowart/elastiflow-logstash-oss:3.4.2_6.1.3 .
docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') -t robcowart/elastiflow-logstash-oss:3.5.0_6.1.3 .
Loading

0 comments on commit f25f086

Please sign in to comment.