You will notice that this article has something to do with the ELK stack again! The ELK stack is so flexible that it fits many different use cases. Today's use case for the ELK stack is the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor the activity happening on the firewall. There are many commercial SIEMs available that can be easily integrated with your firewall, but if you are looking for an open-source solution, here is one.
pfELK is an open-source solution for pfSense firewalls. pfSense itself is a first-class open-source firewall with many premium features otherwise found only in commercial firewalls.
With pfELK you can create custom visualizations as per your needs. For example (from the video linked below), with some additional modules you can build visualizations showing which countries the traffic is coming from, the top blocked IPs trying to access the network, and many others.
Being able to actively monitor the traffic lets you spot malicious activity as it happens, so action can be taken immediately.
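As an added example (not pfELK's own code), here is the aggregation that sits behind a "top blocked IPs" panel, run over constructed pfSense filterlog lines; the CSV field positions are assumed from pfSense's filterlog format (rule fields, action, direction, IP version, then the per-version header fields).

```python
from collections import Counter
import re

# Constructed sample lines (syslog prefix + filterlog CSV body); the field
# layout is assumed from pfSense's filterlog format, not taken from a real box.
SAMPLE_LOG = """\
Jun  1 12:00:01 pfSense filterlog[59128]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51234,22,0,S,1,,29200,,mss
Jun  1 12:00:02 pfSense filterlog[59128]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51235,23,0,S,2,,29200,,mss
Jun  1 12:00:03 pfSense filterlog[59128]: 5,,,1000000103,igb0,match,block,in,4,0x0,,63,0,0,DF,17,udp,120,198.51.100.4,192.0.2.10,5000,161,100
Jun  1 12:00:04 pfSense filterlog[59128]: 9,,,1000000105,igb1,match,pass,out,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.10,203.0.113.7,443,51234,0,SA,3,,29200,,mss
Jun  1 12:00:05 pfSense filterlog[59128]: 5,,,1000000103,igb0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::bad,2001:db8::1,40000,22,0,S,4,,65535,,mss
"""

CSV_BODY = re.compile(r"filterlog\[\d+\]:\s*(.*)$")

def parse_filterlog_line(line):
    """Return a dict (iface, action, dir, proto, src, dst, dst_port) or None."""
    m = CSV_BODY.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    if f[8] == "4":            # IPv4 header: tos,ecn,ttl,id,offset,flags,proto-id,proto
        proto, src, dst, port_idx = f[16], f[18], f[19], 21
    elif f[8] == "6":          # IPv6 header: class,flow-label,hop-limit,proto,proto-id
        proto, src, dst, port_idx = f[12], f[15], f[16], 18
    else:
        return None
    dst_port = f[port_idx] if len(f) > port_idx else ""   # ICMP etc. carry no ports
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": proto,
            "src": src, "dst": dst, "dst_port": dst_port}

def top_blocked_sources(log_text, n=10):
    """Count inbound blocked events per source address, like a dashboard panel."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog_line(line)
        if rec and rec["action"] == "block" and rec["dir"] == "in":
            counts[rec["src"]] += 1
    return counts.most_common(n)

if __name__ == "__main__":
    for src, hits in top_blocked_sources(SAMPLE_LOG):
        print(f"{src:>20}  {hits}")
```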
The other thing I want most is the alerting ability of commercial products. The ELK stack does have alert functionality, but only in the paid version. Since we are all about open-source projects, I found some interesting projects that give the ELK stack the ability to alert you on specific patterns.
Here are the projects which I will be covering in future posts.
- Sentinl
- Elastalert
Here is the link to the official pfELK GitHub repository: Link
Refer to the video for installation and more details: Link
REFERENCES
https://github.com/a3ilson/pfelk/blob/master/README.md
https://www.youtube.com/watch?v=of2ymhr9G3I
https://sematext.com/blog/x-pack-alternatives/
https://forum.netgate.com/topic/107735/elk-pfsense-2-3-working