Article Excerpt
Stand up simple Elastic containers with Kibana, Fleet, and the Detection Engine. Requirements are minimal: *NIX or macOS, Docker, jq, and Git.
| property | value |
| --- | --- |
| tags | defensive-tradecraft, detection-lab, github-repo, lab-environment, threat-hunting, tradecraft-tool |
| url | |
| original_word_count | 490 |
Long Summary
The Elastic Container Project lets users quickly stand up a fully containerized, TLS-secured Elastic stack, with Elasticsearch, Kibana, Fleet, and the Detection Engine pre-configured, enabled and ready to use. It is intended for security research on a local Elastic stack and should not be used in a production environment.
To use the project, users must first install the prerequisites: the Docker suite, jq, curl, and git. The installation steps vary by operating system; for example, macOS users can install the prerequisites with Homebrew, while Ubuntu users must install the docker-compose-plugin. Once the prerequisites are installed, users must give Docker privileged access and start the Docker suite.
Next, users clone the repository and change the default password, "changeme", in the .env file. Pre-built detection rules can also be bulk-enabled by OS in the same .env file. Users then make the elastic-container.sh shell script executable and run it with the start argument. After a few minutes, they can browse to https://localhost:5601 and log in with the configured credentials.
The project also provides other commands: destroy, stop, restart, status, clear, and staging. The destroy command stops and deletes the Elasticsearch and Kibana containers, deletes the elasticcontainer network, and deletes the created volumes. The stop command stops the Elasticsearch and Kibana containers without deleting them. The restart command restarts all the containers. The status command returns the current status of the running containers. The clear command clears all documents in the logs and metrics indices. The staging command downloads all container images to the local system without starting them.
Finally, users can modify the variables in the .env file, such as the ELASTIC_PASSWORD, KIBANA_PASSWORD, and STACK_VERSION. This allows users to change the default values and use different Elastic Stack versions.
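A pre-flight check for the .env step described above (an added example, not code from the elastic-container project): it refuses the start step while ELASTIC_PASSWORD or KIBANA_PASSWORD still equals the default changeme, and confirms STACK_VERSION is set. The check_env helper name, the 12-character length floor, and the sample .env contents (including the version value) are constructed for this demonstration; only the variable names come from the project.

```shell
#!/bin/sh
# Added pre-flight check for elastic-container's .env (example code, not the
# project's own). Run it before "./elastic-container.sh start" so the lab never
# comes up with the default "changeme" credentials. check_env is a hypothetical
# helper name chosen here; only the .env variable names come from the project.

# check_env FILE: prints each problem found, returns 0 only when safe to start.
check_env() {
    file="$1"
    rc=0
    [ -f "$file" ] || { echo "missing $file"; return 1; }
    for var in ELASTIC_PASSWORD KIBANA_PASSWORD; do
        # last assignment wins; surrounding double quotes are stripped
        val=$(grep -E "^${var}=" "$file" | tail -n 1 | cut -d= -f2- \
              | sed -e 's/^"//' -e 's/"$//')
        if [ -z "$val" ]; then
            echo "$var is not set in $file"; rc=1
        elif [ "$val" = "changeme" ]; then
            echo "$var still uses the default value changeme"; rc=1
        elif [ "${#val}" -lt 12 ]; then
            # length floor is an assumption chosen for this example
            echo "$var is shorter than 12 characters"; rc=1
        fi
    done
    ver=$(grep -E '^STACK_VERSION=' "$file" | tail -n 1 | cut -d= -f2-)
    [ -n "$ver" ] || { echo "STACK_VERSION is not set in $file"; rc=1; }
    return $rc
}

# Demonstration on a constructed .env that still carries the defaults.
demo_env=$(mktemp)
cat > "$demo_env" <<'EOF'
# constructed sample values for the demonstration
ELASTIC_PASSWORD=changeme
KIBANA_PASSWORD=changeme
STACK_VERSION=8.0.0
EOF
if check_env "$demo_env"; then
    echo "ok: chmod +x elastic-container.sh && ./elastic-container.sh start"
else
    echo "fix .env before running ./elastic-container.sh start"
fi
rm -f "$demo_env"
```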
In conclusion, the Elastic Container Project is a project that allows users to quickly and easily stand up a 100% containerized Elastic stack, TLS secured, with Elasticsearch, Kibana, Fleet, and the Detection Engine all pre-configured, enabled and ready to use. It provides users with a variety of commands
Short Summary
Elastic Container
- Stand up simple Elastic containers with Kibana, Fleet, and the Detection Engine. Requirements are minimal: *NIX or macOS, Docker, jq, and Git.
- Quickly and easily set up a fully containerized Elastic stack with TLS security.
- Pre-configured and enabled Elasticsearch, Kibana, Fleet, and Detection Engine components.
- Intended for security research on a local Elastic stack, not for production use.
- Requires installation of prerequisite tools like the Docker suite, jq, curl, and git.
- Installation process may vary depending on the operating system.
- Clone the repository, change the default password, and enable pre-built detection rules.
- Make the elastic-container.sh script executable and start the Docker suite.
- Access the configured Elastic stack at https://localhost:5601 with the provided credentials.
- Additional commands available, such as destroy, stop, restart, status, and clear.
- Modify variables in the .env file to customize passwords and the Elastic Stack version.
Source link: https://github.com/peasead/elastic-container
Summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/elastic-container
#ElasticContainerProject #ContainerizedElasticStack #SecurityResearch #PrerequisitesInstallation #Commands