Opensource siem has its own place in the SOC world. Even commercial siem uses Opensource components like elasticsearch, kibana, and logstash. Some of the popular opensource SIEM include OSSIM, The ELK stack, OSSEC, Wazuh, Apache Metron and MozDef by Mozilla. The reason behind writing this post is to help with the installation process of MozDef. Let’s get started.
- First, install docker and other important components for the build
sudo apt-get -y install docker docker.io gcc make build-essential git- Get the docker-compose latest version. The old version installed through default repository will not work
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose- Now make it executable
sudo chmod +x /usr/local/bin/docker-compose- Let’s pull the MozDef git repo now
git clone https://github.com/mozilla/MozDef.git- Remember to start docker service
sudo systemctl enable docker
sudo systemctl start docker- Extra note: If you want to tweak with some settings for change of ip address and other stuff. Check out {Mozdef}/docker/compose/docker-compose.yml
- Let’s change the directory to MozDef and start with our build. Note: Maintain your excitement because it will take some time to make build
cd MozDef
make build- Now let’s run the build be made
make run- Now just go to http://localhost for the main interface
- Official MozDef documentation – Link
- For more help email me at x786@protonmail.ch