{"id":266,"date":"2022-07-24T20:23:47","date_gmt":"2022-07-24T18:23:47","guid":{"rendered":"https:\/\/alban.pro\/?p=266"},"modified":"2024-02-14T15:37:19","modified_gmt":"2024-02-14T14:37:19","slug":"siem-elk","status":"publish","type":"post","link":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/","title":{"rendered":"Mise en place d’un SIEM ELK"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1- Pr\u00e9sentation d'ELK<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

Tout d’abord ELK est une suite de 3 logiciels. Elasticsearch constitue le coeur de la Suite Elastic. C\u2019est un moteur de recherche et d\u2019analyse distribu\u00e9e, qui stocke les donn\u00e9es de mani\u00e8re centralis\u00e9e. Bas\u00e9 sur la biblioth\u00e8que Apache Lucene, et utilisant une base de donn\u00e9es orient\u00e9e documents, Elasticsearch peut effectuer des recherches sur des donn\u00e9es structur\u00e9es ou non-structur\u00e9es, explorer des tendances, identifier des mod\u00e8les dans les donn\u00e9es, le tout en temps r\u00e9el (de l\u2019ordre de la seconde). Kibana est l\u2019interface graphique permettant de visualiser les donn\u00e9es stock\u00e9es et analys\u00e9es par Elasticsearch. L\u2019interface est user-friendly et les divers graphiques sont pr\u00e9sent\u00e9s sous forme de dashboards personnalisables. Logstash prend en charge le formatage et l\u2019enrichissement des donn\u00e9es. Il peut \u00eatre consid\u00e9r\u00e9 comme un ETL (Extract Transform Load).\u00a0<\/span>Il re\u00e7oit des donn\u00e9es de sources vari\u00e9es envoy\u00e9es par Beats, y applique diverses transformations, et les transf\u00e8re \u00e0 Elasticsearch. Mais de nos jours Logstach est de moins en moins utilis\u00e9, voir plus du tout dans la version Cloud car nous pouvons maintenant envoyer les donn\u00e9es des agents directement vers Elastic.<\/span><\/p>\n

ELK nous propose diff\u00e9rents agents de la suite Beats :<\/p>\n

\u2022 Filebeat : ingestion de fichiers de logs.<\/p>\n

\u2022 Packetbeat : ingestion de fichiers de capture r\u00e9seau.<\/p>\n

\u2022 Auditbeat : ingestion de fichiers audit.<\/p>\n

\u2022 Heartbeat : v\u00e9rification si un service est disponible ou non.<\/p>\n

\u2022 Functionbeat : monitoring des environnements cloud.<\/p>\n

\u2022 Journalbeat : ingestion des logs systemd.<\/p>\n

\u2022 Metricbeat : collection des m\u00e9triques de diff\u00e9rents syst\u00e8mes.<\/p>\n

\u2022 Winlogbeat : collection de logs Windows.\u00a0<\/p>\n

\u2022 Elastic Agent : Agent qui permet de collecter plusieurs m\u00e9triques \u00e0 la fois. Dans ce projet nous allons principalement utiliser l\u2019agent Winlogbeat qui va nous servir \u00e0 r\u00e9colter les donn\u00e9es de machine Windows.<\/p>\n

<\/p>\n

<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Comme nous le voyons dans la figure 1 ci-dessus les agents pr\u00e9sents sur des \u00e9quipements enverrons leurs donn\u00e9es \u00e0 partir d\u2019un port g\u00e9n\u00e9r\u00e9 al\u00e9atoirement vers le port 9200 d\u2019Elastic. Kibana ensuite chercher ces donn\u00e9es stock\u00e9es sur Elastic pour nous permettre de les visualiser.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2 - Configuration du SIEM ELK<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Pour r\u00e9aliser ce projet, nous avons utilis\u00e9 une Machine Virtuelle Linux Unbuntu h\u00e9berg\u00e9 sur un Vcenter avec les caract\u00e9ristiques suivantes :<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t
Figure 1<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2.1 - Installation du SSH et RDP<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Une fois Ubuntu install\u00e9, nous devons mettre en place le SSH et le RDP :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

apt install openssh-server<\/o:p><\/span><\/p>\n\n

systemctl enable ssh<\/o:p><\/span><\/p>\n\n

systemctl start ssh<\/o:p><\/span><\/p>\n\n

apt install xrdp<\/o:p><\/span><\/p>\n\n

systemctl enable xrdp<\/o:p><\/span><\/p>\n\n

systemctl start xrdp<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t
Figure 2<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2.2 - Installation Elasticsearch<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons maintenant commencer l\u2019installation d\u2019Elasticsearch\nmais pour cela nous devons mettre en place un ntp (pour que les logs envoy\u00e9s\nvers Elastic soient \u00e0 la bonne heure) :<\/o:p><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

apt-<\/span>get<\/span> update<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span>\nupgrade<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span>\ninstall apt-transport-https wget gnupg<\/o:p><\/span><\/p>\n\n

timedatectl <\/span>set<\/span>-timezone <\/span>Europe<\/span>\/<\/span>Paris<\/span><\/o:p><\/span><\/p>\n\n

timedatectl <\/span>set<\/span>-ntp off<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span>\ninstall ntp <\/o:p><\/span><\/p>\n\n

systemctl enable ntp<\/o:p><\/span><\/p>\n\n

systemctl\nstart ntp<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous d\u00e9finissons un hostname afo-siem.local qui va nous servir par la suite :<\/o:p><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

hostnamectl <\/span>set<\/span>-hostname afo-siem.<\/span>local<\/span><\/p>\n

reboot<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous installons ensuite Elasticsearch\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

wget -O – https:<\/span>\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\n| apt-key add –<\/span><\/o:p><\/span><\/p>\n\n

echo <\/span>\u00ab\u00a0deb\nhttps:\/\/artifacts.elastic.co\/packages\/7.x\/apt stable main\u00a0\u00bb<\/span> > <\/span>\/etc\/<\/span>apt\/sources.list.d\/elasticsearch.list<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span> update<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span> install elasticsearch<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous ajoutons une premi\u00e8re configuration :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

nano \/etc\/elasticsearch\/elasticsearch.yml<\/span><\/p>\n

#Dans le fichier\u00a0:<\/span><\/p>\n

network.host: <\/span>192.168<\/span>.<\/span>7.135<\/span><\/p>\n

cluster.initial_master_nodes: afo-siem.local<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous d\u00e9marrons le service elasticsearch\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

systemctl enable elasticsearch<\/o:p><\/span><\/p>\n\n

systemctl start elasticsearch<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous pouvons voir qu\u2019Elasticsearch est bien d\u00e9marr\u00e9\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2.3 - Installation de Kibana<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

apt-<\/span>get<\/span> install kibana<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous ajoutons une premi\u00e8re configuration pour Kibana\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

nano\n\/etc\/kibana\/kibana.yml<\/o:p><\/span><\/p>\n\n

#Dans le\nfichier:<\/span><\/o:p><\/span><\/p>\n\n

server.host: <\/span>\u00ab\u00a0192.168.7.135\u00a0\u00bb<\/span><\/o:p><\/span><\/p>\n\n

elasticsearch.hosts: [http:<\/span>\/\/192.168.7.135:9200]<\/span><\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous d\u00e9marrons le service Kibana\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

systemctl enable kibana<\/o:p><\/span><\/p>\n\n

systemctl start kibana<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous pouvons voir que Kibana est bien d\u00e9marr\u00e9\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Mise en place de SSL\/TLS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons maintenant mettre en place SSL TLS pour s\u00e9curiser les communications entre Elasticsearch et Kibana :<\/p>\n

IP du serveur : 192.168.7.135
Hostname : afo-siem.local<\/span><\/h6>\n\n

<\/p>\n

Nous devons installer des paquets qui vont nous servir par la suite :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

apt-<\/span>get<\/span> update<\/o:p><\/span><\/p>\n\n

apt-<\/span>get<\/span>\ninstall curl unzip mlocate jq<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous devons tout d\u2019abord cr\u00e9er un CA (Certification Authority) qui va nous servir \u00e0 signer nos propres certificats :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

cd \/usr\/share\/elasticsearch<\/span><\/p>\n

bin\/elasticsearch-certutil ca –pem<\/span><\/p>\n

unzip
elastic-stack-ca.zip<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

En d\u00e9compressant le fichier, on obtient notre dossier \u00ab\u00a0CA\u00a0\u00bb avec \u00e0 l\u2019int\u00e9rieur la cl\u00e9 et le certificat\u00a0du CA :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

ls ca\/<\/o:p><\/span><\/p>\n\n

ca.crt  ca.key<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons donc maintenant d\u00e9placer ce dossier dans le dossier elasticsearch et les mettre dans un dossier \u00ab\u00a0certs\u00a0\u00bb pour mieux s\u2019y retrouver\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

mkdir \/etc\/elasticsearch\/certs\/<\/o:p><\/span><\/p>\n\n

cp -r ca \/etc\/elasticsearch\/certs\/<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous cr\u00e9ons ensuite notre certificat pour Elastic avec la commande suivante\u00a0(on sp\u00e9cifie l\u2019adresse IP et le DNS (qui est aussi l\u2019adresse IP).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

bin\/elasticsearch-certutil cert –ca-cert ca\/ca.crt\n–ca-key ca\/ca.key –days <\/span>3500<\/span> –dns afo-siem.<\/span>local<\/span> –ip <\/span>192.168<\/span>.<\/span>7.135<\/span> -pem —<\/span>out<\/span> elastic.zip –name elastic <\/o:p><\/span><\/p>\n\n

unzip elastic.zip<\/o:p><\/span><\/p>\n\n

cp -r elastic \/etc\/elasticsearch\/certs\/<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous modifions ensuite le fichier de configuration d\u2019Elasticsearch pour mettre en place le ssl\/tls\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

cd \/etc\/elasticsearch\/<\/o:p><\/span><\/p>\n\n

nano elasticsearch.yml<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

network.host: <\/span>0.0<\/span>.<\/span>0.0<\/span><\/o:p><\/span><\/p>\n\n

cluster.initial_master_nodes: afo-siem.<\/span>local<\/span><\/o:p><\/span><\/p>\n\n

xpack.security.enabled: <\/span>true<\/span><\/o:p><\/span><\/p>\n\n

xpack.security.http.ssl.enabled: <\/span>true<\/span><\/o:p><\/span><\/p>\n\n

xpack.security.transport.ssl.enabled: <\/span>true<\/span><\/o:p><\/span><\/p>\n\n

xpack.security.http.ssl.key: certs\/elastic\/elastic.key<\/o:p><\/span><\/p>\n\n

xpack.security.http.ssl.certificate:\ncerts\/elastic\/elastic.crt<\/o:p><\/span><\/p>\n\n

xpack.security.http.ssl.certificate_authorities:\ncerts\/ca\/ca.crt<\/o:p><\/span><\/p>\n\n

xpack.security.transport.ssl.key:\ncerts\/elastic\/elastic.key<\/o:p><\/span><\/p>\n\n

xpack.security.transport.ssl.certificate:\ncerts\/elastic\/elastic.crt<\/o:p><\/span><\/p>\n\n

xpack.security.transport.ssl.certificate_authorities:\ncerts\/ca\/ca.crt<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Pour activer l’authentification et d\u00e9finir le mot de passe sur Kibana nous devons rentrer ces commandes :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

systemctl start elasticsearch<\/span><\/p>\n

cd \/usr\/share\/elasticsearch
<\/span><\/p>\n

.\/bin\/elasticsearch-setup-passwords interactive<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons maintenant devoir arr\u00eater les 2 services pour faire les prochaines configurations\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

systemctl stop elasticsearch<\/o:p><\/span><\/p>\n\n

systemctl stop kibana<\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons chiffrer la communication entre Elastic et Kibana gr\u00e2ce aux certificats, pour cela nous allons cr\u00e9er un certificat pour kibana :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\n

cd \/usr\/share\/elasticsearch<\/o:p><\/span><\/p>\n\n

bin\/elasticsearch-certutil cert –ca-cert ca\/ca.crt\n–ca-key ca\/ca.key –days <\/span>3500<\/span> –dns afo-siem.<\/span>local<\/span> –ip <\/span>192.168<\/span>.<\/span>7.135<\/span> -pem —<\/span>out<\/span> kibana.zip –name kibana<\/o:p><\/span><\/p>\n\n

unzip\nkibana.zip<\/o:p><\/span><\/p>\n\n

mkdir\n\/etc\/kibana\/certs<\/o:p><\/span><\/p>\n\n

cp -r\nkibana \/etc\/kibana\/certs\/<\/o:p><\/span><\/p>\n\n

cp -r ca\n\/etc\/kibana\/certs\/ <\/o:p><\/span><\/p>\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous allons maintenant modifier le fichier de configuration de Kibana pour activer le SSL\/TLS avec Elastic et le HTTPS sur la page web\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

nano
\/etc\/kibana\/kibana.yml<\/span><\/p>\n

server.host:
<\/span>\u00ab\u00a00.0.0.0\u00a0\u00bb<\/span><\/p>\n

elasticsearch.hosts: [https:<\/span>\/\/192.168.7.135:9200]<\/span><\/p>\n

server.ssl.enabled: <\/span>true<\/span><\/p>\n

server.ssl.certificate:
<\/span>\/etc\/<\/span>kibana\/certs\/kibana\/kibana.crt<\/span><\/p>\n

server.ssl.key:
<\/span>\/etc\/<\/span>kibana\/certs\/kibana\/kibana.key<\/span><\/p>\n

elasticsearch.username: <\/span>\u00ab\u00a0kibana\u00a0\u00bb<\/span><\/p>\n

elasticsearch.password: <\/span>\u00ab\u00a0MotDePasse\u00a0\u00bb<\/span><\/p>\n

elasticsearch.ssl.certificateAuthorities: <\/span>\/etc\/<\/span>kibana\/certs\/ca\/ca.crt<\/span><\/p>\n

server.publicBaseUrl: https:<\/span>\/\/afo-siem.local:5601<\/span><\/p>\n

xpack.encryptedSavedObjects.encryptionKey: <\/span>\u00ab\u00a0sjasoB7o4Ym62SR4re6eR0u4kpZJAKCrGr8\u00a0\u00bb<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Nous pouvons enfin d\u00e9marrer Kibana et lorsque nous irons sur la page web de configuration, un mot de passe nous sera demand\u00e9\u00a0:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n

systemctl start kibana<\/span><\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Les deux pages sont donc maintenant en https :<\/p>\n

https:\/\/192.168.7.135:5601\/<\/a> ou https:\/\/afo-siem.local:5601
<\/a>https:\/\/192.168.7.135:9200\/<\/a><\/span><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Donnez moi de la moula sur Paypal par piti\u00e9 :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\tLink<\/span>\n\t\t\t\t\t\t<\/i>\t\t\t\t\t<\/a>\n\t\t\t\t<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Cette article pr\u00e9sente la mise en place d’un SIEM ELK<\/p>\n","protected":false},"author":2,"featured_media":510,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[8,9],"class_list":["post-266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-non-classe","tag-elk","tag-siem"],"yoast_head":"\nMise en place d'un SIEM ELK - Alban FORESTIER<\/title>\n<meta name=\"description\" content=\"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mise en place d'un SIEM ELK - Alban FORESTIER\" \/>\n<meta property=\"og:description\" content=\"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/\" \/>\n<meta property=\"og:site_name\" content=\"Alban FORESTIER\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-24T18:23:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-14T14:37:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3187\" \/>\n\t<meta property=\"og:image:height\" content=\"3350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alban\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alban\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/\"},\"author\":{\"name\":\"Alban\",\"@id\":\"https:\\\/\\\/alban.pro\\\/#\\\/schema\\\/person\\\/61b631fd63b306d6da78ef331ffc9f65\"},\"headline\":\"Mise en place d’un SIEM ELK\",\"datePublished\":\"2022-07-24T18:23:47+00:00\",\"dateModified\":\"2024-02-14T14:37:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/\"},\"wordCount\":1199,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/alban.pro\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/elastic-logo-V-full-color.png\",\"keywords\":[\"elk\",\"SIEM\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/\",\"url\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/\",\"name\":\"Mise en place d'un SIEM ELK - Alban FORESTIER\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/alban.pro\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/elastic-logo-V-full-color.png\",\"datePublished\":\"2022-07-24T18:23:47+00:00\",\"dateModified\":\"2024-02-14T14:37:19+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/#\\\/schema\\\/person\\\/61b631fd63b306d6da78ef331ffc9f65\"},\"description\":\"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \\\/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#primaryimage\",\"url\":\"https:\\\/\\\/alban.pro\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/elastic-logo-V-full-color.png\",\"contentUrl\":\"https:\\\/\\\/alban.pro\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/elastic-logo-V-full-color.png\",\"width\":3187,\"height\":3350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/2022\\\/07\\\/24\\\/siem-elk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/alban.pro\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mise en place d’un SIEM ELK\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/alban.pro\\\/#website\",\"url\":\"https:\\\/\\\/alban.pro\\\/\",\"name\":\"Alban FORESTIER\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/alban.pro\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/alban.pro\\\/#\\\/schema\\\/person\\\/61b631fd63b306d6da78ef331ffc9f65\",\"name\":\"Alban\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g\",\"caption\":\"Alban\"},\"url\":\"https:\\\/\\\/alban.pro\\\/index.php\\\/author\\\/alban2376542515\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mise en place d'un SIEM ELK - Alban FORESTIER","description":"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/","og_locale":"fr_FR","og_type":"article","og_title":"Mise en place d'un SIEM ELK - Alban FORESTIER","og_description":"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.","og_url":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/","og_site_name":"Alban FORESTIER","article_published_time":"2022-07-24T18:23:47+00:00","article_modified_time":"2024-02-14T14:37:19+00:00","og_image":[{"width":3187,"height":3350,"url":"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png","type":"image\/png"}],"author":"Alban","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Alban","Dur\u00e9e de lecture estim\u00e9e":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#article","isPartOf":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/"},"author":{"name":"Alban","@id":"https:\/\/alban.pro\/#\/schema\/person\/61b631fd63b306d6da78ef331ffc9f65"},"headline":"Mise en place d’un SIEM ELK","datePublished":"2022-07-24T18:23:47+00:00","dateModified":"2024-02-14T14:37:19+00:00","mainEntityOfPage":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/"},"wordCount":1199,"commentCount":0,"image":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#primaryimage"},"thumbnailUrl":"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png","keywords":["elk","SIEM"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/","url":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/","name":"Mise en place d'un SIEM ELK - Alban FORESTIER","isPartOf":{"@id":"https:\/\/alban.pro\/#website"},"primaryImageOfPage":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#primaryimage"},"image":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#primaryimage"},"thumbnailUrl":"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png","datePublished":"2022-07-24T18:23:47+00:00","dateModified":"2024-02-14T14:37:19+00:00","author":{"@id":"https:\/\/alban.pro\/#\/schema\/person\/61b631fd63b306d6da78ef331ffc9f65"},"description":"\u00c9tudiant en Cybers\u00e9curit\u00e9 en alternance \/ Passionn\u00e9 d'informatique, vous pourrez retrouver sur mon site diff\u00e9rents projets que j'ai pu mettre en place.","breadcrumb":{"@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#primaryimage","url":"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png","contentUrl":"https:\/\/alban.pro\/wp-content\/uploads\/2022\/07\/elastic-logo-V-full-color.png","width":3187,"height":3350},{"@type":"BreadcrumbList","@id":"https:\/\/alban.pro\/index.php\/2022\/07\/24\/siem-elk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/alban.pro\/"},{"@type":"ListItem","position":2,"name":"Mise en place d’un SIEM ELK"}]},{"@type":"WebSite","@id":"https:\/\/alban.pro\/#website","url":"https:\/\/alban.pro\/","name":"Alban FORESTIER","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/alban.pro\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/alban.pro\/#\/schema\/person\/61b631fd63b306d6da78ef331ffc9f65","name":"Alban","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ee2596c4f3c9c6f66f546d401ca4279dc491eb8da4d79bc4313e731a5b09d90b?s=96&d=mm&r=g","caption":"Alban"},"url":"https:\/\/alban.pro\/index.php\/author\/alban2376542515\/"}]}},"_links":{"self":[{"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/posts\/266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/comments?post=266"}],"version-history":[{"count":81,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/posts\/266\/revisions"}],"predecessor-version":[{"id":601,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/posts\/266\/revisions\/601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/media\/510"}],"wp:attachment":[{"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/media?parent=266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/categories?post=266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alban.pro\/index.php\/wp-json\/wp\/v2\/tags?post=266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}