This repository has been archived by the owner on Sep 13, 2023. It is now read-only.
forked from TravisFSmith/SweetSecurity
Sweet Security Cloud for FREE
xmaster edited this page Apr 9, 2018
This page describes how to migrate to a minimal working Sweet Security system with minimal cost and maximum performance.
Implementation principles:
- Use a hosted ELK service to display and alert on the BroIDS logs
- Keep a minimal management console to control the devices
Requirements:
- A local RPI
- A GCP micro instance (always free instance even after the trial expires)
- An ELK hosted account (can be a free account)
Changes required for that:
- Install normally (RPI + small instance in GCP); see the Sweet Security wiki for that
- Change Logstash to send its data to a free hosted ELK service (for example logz.io)
- Open a free hosted Elasticsearch instance (for example on bonsai.io)
- Migrate the Elasticsearch indexes [sweet_security, sweet_security_alerts, tardis] to the new hosted cluster; use elasticdump for the migration
- Change the ES connection in the files under /var/www/ to point to the new ES cluster
- Stop and disable the following services: elasticsearch, kibana, sweet_security_server
- Stop the GCP instance
- Change the GCP instance type to micro and start it again
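The index migration step above, written out as a small POSIX shell script. This is an added example, not a script from the SweetSecurity project or this wiki. It assumes two environment variables of its own, SRC_ES (the local cluster, e.g. http://localhost:9200) and DST_ES (the hosted cluster's HTTPS URL, with credentials if the provider requires them), builds the elasticdump commands for the three indexes named on this page (mappings first, then data), runs them, and then compares document counts on both sides so a partial copy is noticed before the local Elasticsearch service is stopped.

```shell
#!/bin/sh
# Added example (not part of the SweetSecurity wiki): migrate the three
# Sweet Security indexes to a hosted cluster with elasticdump and verify
# the copy by comparing document counts.
#
# Assumed inputs: SRC_ES and DST_ES are base URLs of the local and the
# hosted cluster (for example http://localhost:9200 and
# https://user:pass@example-host:443). They are read from the environment
# so credentials are not written into the script itself.

INDEXES="sweet_security sweet_security_alerts tardis"   # index names from the wiki

# Build one elasticdump command for an index and a dump type (mapping or data).
# The command is printed, not executed, so the plan can be reviewed first.
build_dump_cmd() {
    index="$1"; kind="$2"; src="$3"; dst="$4"
    case "$kind" in
        mapping|data) ;;
        *) echo "unknown dump type: $kind" >&2; return 1 ;;
    esac
    printf 'elasticdump --input=%s/%s --output=%s/%s --type=%s\n' \
        "$src" "$index" "$dst" "$index" "$kind"
}

# Emit the whole plan: all mappings first, then all data, for every index.
migration_plan() {
    src="$1"; dst="$2"
    for kind in mapping data; do
        for index in $INDEXES; do
            build_dump_cmd "$index" "$kind" "$src" "$dst" || return 1
        done
    done
}

# Count documents in an index through the _count API (needs curl and network).
count_docs() {
    url="$1"; index="$2"
    curl -sS "$url/$index/_count" | sed -n 's/.*"count":\([0-9]*\).*/\1/p'
}

# True when both counts are present and equal.
counts_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Execute the plan, then check that each index arrived with the same number
# of documents it had on the source cluster.
run_migration() {
    src="$1"; dst="$2"
    migration_plan "$src" "$dst" | sh -e || return 1
    for index in $INDEXES; do
        s=$(count_docs "$src" "$index"); d=$(count_docs "$dst" "$index")
        if counts_match "$s" "$d"; then
            echo "$index: $s documents migrated"
        else
            echo "$index: source=$s destination=$d, MISMATCH" >&2
            return 1
        fi
    done
}

# Usage: SRC_ES=http://localhost:9200 DST_ES=https://user:pass@host sh migrate.sh
# Set DRY_RUN=1 to print the plan only.
if [ -n "$SRC_ES" ] && [ -n "$DST_ES" ]; then
    if [ -n "$DRY_RUN" ]; then
        migration_plan "$SRC_ES" "$DST_ES"
    else
        run_migration "$SRC_ES" "$DST_ES"
    fi
fi
```

Run it with DRY_RUN=1 first and read the printed commands; the count check at the end is the signal that the local cluster can safely be stopped and disabled in the next step. Because the hosted cluster is reachable from the internet, use its HTTPS endpoint and an account with write access limited to these indexes; credentials embedded in a URL are visible in the process list while elasticdump runs, so elasticdump's --httpAuthFile option is the better place for them on a shared host.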
Issues: the Baseliner (which feeds the tardis index in ES) will not work; as a result the following will not work either:
- Alerts
- Baseline information in devices