ELK stack installation and configuration for use as a SIEM (on a single Linux server). Also set up relevant security alerts to Slack.
Project detail
Preferred operating system for the server: Ubuntu
Log data that needs to be collected: Application Data
Security measures that should be included: User Authentication
Ideal Skills and Experience:
– Strong knowledge and experience in ELK stack installation and configuration
– Proficiency in Ubuntu server administration
– Familiarity with collecting and analyzing application log data
– Experience implementing user authentication for secure access
– Understanding of SIEM principles and best practices
You need to set up the detection rules and dashboards yourself after understanding our monitored application, which runs on 4 ERP servers.
You also need to ship logs from all 4 servers to the single server where you will install the ELK stack. The logs we need are the nginx logs, the Odoo logs (Odoo is a Python-based ERP application server) and the other server logs needed for security monitoring, including the commands run in SSH sessions (e.g. via auditd, since a user can clear shell history) and server performance logs. You also need to ingest logs from the Cloudflare firewall, so there are 5 log sources in all: the 4 ERP servers, each providing nginx, Odoo and system logs, plus Cloudflare.
You will need to install Beats and/or Elastic Agent on the other servers in addition to installing the entire ELK stack, properly secured, on the one server.
Logstash ETL is an important skill for this project, since the Odoo logs need to be homogenized and structured (parsed into consistent fields) during ingest.
All servers are in the cloud.
We need you to set up Slack alerts for security events that need immediate attention.
Training one user on how to use the Kibana dashboards and how to set up additional alerts and dashboard items is required.
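As an added illustration (not part of this posting, and not Odoo's or Elastic's own code), the Python below prototypes the two pieces the Odoo-ingest and Slack-alert requirements above ask for: an ingest-time parser that turns raw Odoo lines into consistently named fields, and a detection that produces a Slack alert when one IP generates a burst of failed logins. It assumes Odoo's default log line format and the "Login failed for db:... login:... from ..." message that Odoo's res_users model writes (check the wording against your Odoo version); the field names, the 5-failures-in-5-minutes threshold, the host name and the log lines are all constructed for the example. The regex is the Python equivalent of the grok pattern quoted in the comment, so the same fields can be produced in a Logstash filter once the parser has been validated here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Odoo's default log format (assumption: the logfile/log_handler settings are unchanged):
#   "%(asctime)s %(pid)s %(levelname)s %(dbname)s %(name)s: %(message)s"
# This regex is the Python equivalent of the Logstash grok pattern
#   %{TIMESTAMP_ISO8601:ts} %{POSINT:pid} %{LOGLEVEL:level} %{NOTSPACE:db} %{NOTSPACE:logger}: %{GREEDYDATA:msg}
ODOO_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<pid>\d+) (?P<level>[A-Z]+) (?P<db>\S+) (?P<logger>\S+): (?P<msg>.*)$"
)

# Odoo's res_users model logs "Login failed for db:<db> login:<user> from <ip>" on a bad
# password (assumption based on the Odoo source; verify the exact wording for your version).
LOGIN_FAILED = re.compile(r"^Login failed for db:(?P<db>\S+) login:(?P<login>\S+) from (?P<ip>\S+)")


def parse_odoo_line(line, host):
    """Turn one raw Odoo log line into a flat, ECS-style event dict.

    Lines that do not match are kept verbatim and tagged (like grok's _grokparsefailure),
    so nothing is dropped silently during ingest.
    """
    m = ODOO_LINE.match(line)
    if not m:
        return {"host.name": host, "event.original": line, "tags": ["_odoo_parse_failure"]}
    d = m.groupdict()
    # Odoo writes local time with no zone; in Logstash give the date filter the server's timezone.
    ts = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S,%f")
    event = {
        "@timestamp": ts.isoformat(),
        "host.name": host,
        "process.pid": int(d["pid"]),
        "log.level": d["level"].lower(),
        "odoo.db": d["db"],  # "?" when the request is not bound to a database
        "odoo.logger": d["logger"],
        "message": d["msg"],
        "tags": [],
    }
    f = LOGIN_FAILED.match(d["msg"])
    if f:
        # Promote the failed login to a proper authentication event so rules can key on it
        event.update({"event.category": "authentication", "event.outcome": "failure",
                      "user.name": f["login"], "source.ip": f["ip"]})
        event["tags"].append("auth_failure")
    return event


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return [(source.ip, count)] for IPs with >= threshold auth failures inside any window."""
    by_ip = defaultdict(list)
    for e in events:
        if "auth_failure" in e["tags"]:
            by_ip[e["source.ip"]].append(datetime.fromisoformat(e["@timestamp"]))
    alerts = []
    for ip, times in by_ip.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):  # sliding window over the sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((ip, best))
    return alerts


def slack_payload(host, ip, count, window):
    """Message body for a Slack Incoming Webhook (assumed alert wording)."""
    minutes = int(window.total_seconds() // 60)
    return {"text": f":rotating_light: {count} failed Odoo logins from {ip} on {host} within {minutes} min"}


# Constructed sample lines (not real logs): a password-guessing burst from one IP,
# a single failure from another IP, a line with no database bound, and a non-Odoo line.
SAMPLE_LOG = """\
2024-03-05 09:12:01,004 2291 INFO erp_prod odoo.modules.loading: 120 modules loaded in 3.1s
2024-03-05 09:12:10,118 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:admin from 203.0.113.7
2024-03-05 09:12:11,502 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:admin from 203.0.113.7
2024-03-05 09:12:12,990 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:administrator from 203.0.113.7
2024-03-05 09:12:14,031 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:admin from 203.0.113.7
2024-03-05 09:12:15,247 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:root from 203.0.113.7
2024-03-05 09:12:20,000 2291 INFO erp_prod odoo.addons.base.models.res_users: Login failed for db:erp_prod login:jane from 198.51.100.4
2024-03-05 09:12:30,777 2291 WARNING ? odoo.http: 403 Forbidden on /web/database/manager
not an odoo line at all
"""


def run_sample(host="erp1"):
    """Parse the constructed sample and return (events, alerts, slack messages)."""
    events = [parse_odoo_line(line, host) for line in SAMPLE_LOG.splitlines()]
    alerts = failed_login_bursts(events)
    messages = [slack_payload(host, ip, n, timedelta(minutes=5)) for ip, n in alerts]
    return events, alerts, messages


if __name__ == "__main__":
    _, alerts, messages = run_sample()
    print(alerts)
    for m in messages:
        print(m["text"])
```

Run as-is, the burst from 203.0.113.7 yields one alert payload; POSTing that dict as JSON to a Slack Incoming Webhook URL delivers it. Two caveats when porting the parser to Logstash: Odoo writes tracebacks as extra lines below the logging line, so join them in Filebeat with a multiline pattern anchored on the leading timestamp before they reach grok, and the Odoo timestamp carries no timezone, so the date filter must be given the server's zone or events will land in the wrong place on the timeline.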