packtpublishing / threat-hunting-with-elastic-stack
Threat Hunting with Elastic Stack, Published by Packt
License: MIT License
I am a teacher from Spain. I have bought the book and it is awesome.
I want the students to set up the labs on the cloud, using virtual machines on AWS or Azure. Do you think it would be possible? Opinions?
Hello!
After adding the system module to filebeat, I had the following error:
Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: module system is configured but has no enabled filesets
After checking the filebeat.yml, I saw that there was an option to reload the configs.
# ============================== Filebeat modules ==============================
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false
Changing reload.enabled from false to true solved the problem.
reload.enabled: true
Hello guys once again!
While trying to make curl requests to the initial Elasticsearch instance, I was getting the following error: curl: (52) Empty reply from server.
Elasticsearch was running as normal according to systemctl status; however, the reply was empty.
Checking on stackoverflow, I saw the following post:
https://stackoverflow.com/questions/35921195/curl-52-empty-reply-from-server-timeout-when-querying-elastiscsearch
It stated that we need to change xpack.security.enabled to false, as it seems that from Elastic 8.1 it has been a default setting.
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 13-08-2022 12:01:10
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
So if we change xpack from true to false, we are now able to make curl requests without SSL.
xpack.security.enabled: false
Thanks once again!
Hey there!
While I was checking the GitHub version of the yml file, I followed the format as follows:
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.node: single-node
discovery.seed_hosts: ["0.0.0.0"]
#
However, initially I was getting errors and didn't understand why.
When I checked the PDF/book version, the single-node parameter turned out to be incorrect in the GitHub file.
The correct one is discovery.type and not discovery.node.
discovery.type: single-node
Thanks for the amazing book so far!
Hello there!
Although I had resolved the previous issue, I still had problems starting the Elastic instance.
When I checked the logs, I noticed that there was an automatic cluster starting.
Perhaps as a new default configuration, the initial cluster isn't commented by default.
When I commented out "cluster.initial_master_nodes", I was finally able to start my instance without an issue.
Since in the lab and book, we are creating a single node, it was causing conflicts with the option turned on.
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["STATIC HOST NAME HERE IN THIS FIELD"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
Doing the following, resolved the issue:
# cluster.initial_master_nodes: ["STATIC HOST NAME HERE IN THIS FIELD"]
Thanks once again!
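As an added example (not from the book, the repository or any of the posters above), a small Python checker for the three elasticsearch.yml pitfalls raised in this thread: the discovery.node typo, cluster.initial_master_nodes left set on a single-node cluster, and security switched off instead of querying the secured endpoint. The parser and both sample configs are constructed here and only cover the flat key: value and indented-mapping subset of YAML that elasticsearch.yml uses.

```python
def parse_es_yml(text):
    """Return {dotted.key: value} for an elasticsearch.yml-style file (constructed helper)."""
    settings, stack = {}, []  # stack of (indent, key) for open nested mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments; "#" inside values unsupported
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close mappings we have outdented from
            stack.pop()
        full = ".".join([k for _, k in stack] + [key])
        if value.strip() == "":  # e.g. "xpack.security.http.ssl:" opens a nested mapping
            stack.append((indent, key))
        else:
            settings[full] = value.strip().strip("\"'")
    return settings

def check_es_settings(settings):
    """Return findings for the three pitfalls raised in this thread."""
    findings = []
    if "discovery.node" in settings:
        findings.append("discovery.node is not a valid setting; the key is discovery.type")
    single = "single-node" in (settings.get("discovery.type"), settings.get("discovery.node"))
    if single and "cluster.initial_master_nodes" in settings:
        findings.append("cluster.initial_master_nodes must be commented out on a single-node cluster")
    if settings.get("xpack.security.enabled") == "false":
        findings.append("xpack.security.enabled: false turns off TLS and authentication; "
                        "keep it on and give curl the generated CA cert instead")
    return findings

# Constructed sample: the config as posted in this thread, before the fixes.
BROKEN_YML = """\
discovery.node: single-node
discovery.seed_hosts: ["0.0.0.0"]
xpack.security.enabled: false
cluster.initial_master_nodes: ["STATIC HOST NAME HERE IN THIS FIELD"]
"""
# Constructed sample: the same file after the fixes, with security left enabled.
FIXED_YML = """\
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# cluster.initial_master_nodes: ["STATIC HOST NAME HERE IN THIS FIELD"]
"""

print(check_es_settings(parse_es_yml(BROKEN_YML)))  # three findings
```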