broseek

2020-08-02 23:23:05 +00:00
commit fc28a75245
--- a/production/broseek/docker-compose.yml
+++ b/production/broseek/docker-compose.yml
@@ -0,0 +1,311 @@
+version: '2'
+
+services:
+  broseek:
+    image: blacktop/zeek:elastic
+    hostname: broseek
+    container_name: broseek
+    restart: always
+    command: -i af_packet::ens192 local "Site::local_nets += { 127.0.0.1/8,
+      172.0.0.0/24,
+      172.1.0.0/24,
+      172.2.0.0/24,
+      172.3.0.0/24,
+      172.4.0.0/24,
+      172.5.0.0/24,
+      172.6.0.0/24,
+      172.7.0.0/24,
+      172.8.0.0/24,
+      172.9.0.0/24,
+      172.10.0.0/24,
+      172.11.0.0/24,
+      172.12.0.0/24,
+      172.13.0.0/24,
+      172.14.0.0/24,
+      172.15.0.0/24,
+      172.16.0.0/24,
+      172.17.0.0/24,
+      172.18.0.0/24,
+      172.19.0.0/24,
+      172.20.0.0/24,
+      172.21.0.0/24,
+      172.22.0.0/24,
+      172.23.0.0/24,
+      172.24.0.0/24,
+      172.25.0.0/24,
+      172.26.0.0/24,
+      172.27.0.0/24,
+      172.28.0.0/24,
+      172.29.0.0/24,
+      172.30.0.0/24,
+      172.31.0.0/24,
+      172.32.0.0/24,
+      172.33.0.0/24,
+      172.34.0.0/24,
+      172.35.0.0/24,
+      172.36.0.0/24,
+      172.37.0.0/24,
+      172.38.0.0/24,
+      172.39.0.0/24,
+      172.40.0.0/24,
+      172.41.0.0/24,
+      172.42.0.0/24,
+      172.43.0.0/24,
+      172.44.0.0/24,
+      172.45.0.0/24,
+      172.46.0.0/24,
+      172.47.0.0/24,
+      172.48.0.0/24,
+      172.49.0.0/24,
+      172.50.0.0/24,
+      172.51.0.0/24,
+      172.52.0.0/24,
+      172.53.0.0/24,
+      172.54.0.0/24,
+      172.55.0.0/24,
+      172.56.0.0/24,
+      172.57.0.0/24,
+      172.58.0.0/24,
+      172.59.0.0/24,
+      172.60.0.0/24,
+      172.61.0.0/24,
+      172.62.0.0/24,
+      172.63.0.0/24,
+      172.64.0.0/24,
+      172.65.0.0/24,
+      172.66.0.0/24,
+      172.67.0.0/24,
+      172.68.0.0/24,
+      172.69.0.0/24,
+      172.70.0.0/24,
+      172.71.0.0/24,
+      172.72.0.0/24,
+      172.73.0.0/24,
+      172.74.0.0/24,
+      172.75.0.0/24,
+      172.76.0.0/24,
+      172.77.0.0/24,
+      172.78.0.0/24,
+      172.79.0.0/24,
+      172.80.0.0/24,
+      172.81.0.0/24,
+      172.82.0.0/24,
+      172.83.0.0/24,
+      172.84.0.0/24,
+      172.85.0.0/24,
+      172.86.0.0/24,
+      172.87.0.0/24,
+      172.88.0.0/24,
+      172.89.0.0/24,
+      172.90.0.0/24,
+      172.91.0.0/24,
+      172.92.0.0/24,
+      172.93.0.0/24,
+      172.94.0.0/24,
+      172.95.0.0/24,
+      172.96.0.0/24,
+      172.97.0.0/24,
+      172.98.0.0/24,
+      172.99.0.0/24,
+      172.100.0.0/24,
+      172.101.0.0/24,
+      172.102.0.0/24,
+      172.103.0.0/24,
+      172.104.0.0/24,
+      172.105.0.0/24,
+      172.106.0.0/24,
+      172.107.0.0/24,
+      172.108.0.0/24,
+      172.109.0.0/24,
+      172.110.0.0/24,
+      172.111.0.0/24,
+      172.112.0.0/24,
+      172.113.0.0/24,
+      172.114.0.0/24,
+      172.115.0.0/24,
+      172.116.0.0/24,
+      172.117.0.0/24,
+      172.118.0.0/24,
+      172.119.0.0/24,
+      172.120.0.0/24,
+      172.121.0.0/24,
+      172.122.0.0/24,
+      172.123.0.0/24,
+      172.124.0.0/24,
+      172.125.0.0/24,
+      172.126.0.0/24,
+      172.127.0.0/24,
+      172.128.0.0/24,
+      172.129.0.0/24,
+      172.130.0.0/24,
+      172.131.0.0/24,
+      172.132.0.0/24,
+      172.133.0.0/24,
+      172.134.0.0/24,
+      172.135.0.0/24,
+      172.136.0.0/24,
+      172.137.0.0/24,
+      172.138.0.0/24,
+      172.139.0.0/24,
+      172.140.0.0/24,
+      172.141.0.0/24,
+      172.142.0.0/24,
+      172.143.0.0/24,
+      172.144.0.0/24,
+      172.145.0.0/24,
+      172.146.0.0/24,
+      172.147.0.0/24,
+      172.148.0.0/24,
+      172.149.0.0/24,
+      172.150.0.0/24,
+      172.151.0.0/24,
+      172.152.0.0/24,
+      172.153.0.0/24,
+      172.154.0.0/24,
+      172.155.0.0/24,
+      172.156.0.0/24,
+      172.157.0.0/24,
+      172.158.0.0/24,
+      172.159.0.0/24,
+      172.160.0.0/24,
+      172.161.0.0/24,
+      172.162.0.0/24,
+      172.163.0.0/24,
+      172.164.0.0/24,
+      172.165.0.0/24,
+      172.166.0.0/24,
+      172.167.0.0/24,
+      172.168.0.0/24,
+      172.169.0.0/24,
+      172.170.0.0/24,
+      172.171.0.0/24,
+      172.172.0.0/24,
+      172.173.0.0/24,
+      172.174.0.0/24,
+      172.175.0.0/24,
+      172.176.0.0/24,
+      172.177.0.0/24,
+      172.178.0.0/24,
+      172.179.0.0/24,
+      172.180.0.0/24,
+      172.181.0.0/24,
+      172.182.0.0/24,
+      172.183.0.0/24,
+      172.184.0.0/24,
+      172.185.0.0/24,
+      172.186.0.0/24,
+      172.187.0.0/24,
+      172.188.0.0/24,
+      172.189.0.0/24,
+      172.190.0.0/24,
+      172.191.0.0/24,
+      172.192.0.0/24,
+      172.193.0.0/24,
+      172.194.0.0/24,
+      172.195.0.0/24,
+      172.196.0.0/24,
+      172.197.0.0/24,
+      172.198.0.0/24,
+      172.199.0.0/24,
+      172.200.0.0/24,
+      172.201.0.0/24,
+      172.202.0.0/24,
+      172.203.0.0/24,
+      172.204.0.0/24,
+      172.205.0.0/24,
+      172.206.0.0/24,
+      172.207.0.0/24,
+      172.208.0.0/24,
+      172.209.0.0/24,
+      172.210.0.0/24,
+      172.211.0.0/24,
+      172.212.0.0/24,
+      172.213.0.0/24,
+      172.214.0.0/24,
+      172.215.0.0/24,
+      172.216.0.0/24,
+      172.217.0.0/24,
+      172.218.0.0/24,
+      172.219.0.0/24,
+      172.220.0.0/24,
+      172.221.0.0/24,
+      172.222.0.0/24,
+      172.223.0.0/24,
+      172.224.0.0/24,
+      172.225.0.0/24,
+      172.226.0.0/24,
+      172.227.0.0/24,
+      172.228.0.0/24,
+      172.229.0.0/24,
+      172.230.0.0/24,
+      172.231.0.0/24,
+      172.232.0.0/24,
+      172.233.0.0/24,
+      172.234.0.0/24,
+      172.235.0.0/24,
+      172.236.0.0/24,
+      172.237.0.0/24,
+      172.238.0.0/24,
+      172.239.0.0/24,
+      172.240.0.0/24,
+      172.241.0.0/24,
+      172.242.0.0/24,
+      172.243.0.0/24,
+      172.244.0.0/24,
+      172.245.0.0/24,
+      172.246.0.0/24,
+      172.247.0.0/24,
+      172.248.0.0/24,
+      172.249.0.0/24,
+      172.250.0.0/24,
+      172.251.0.0/24,
+      172.252.0.0/24,
+      172.253.0.0/24,
+      172.254.0.0/24,
+      172.255.0.0/24 }"
+    volumes:
+      - ./pcap:/pcap
+    cap_add:
+      - NET_RAW
+    network_mode: host
+
+#  broseek-elastic:
+#    image: blacktop/elasticsearch:x-pack-7.4.0
+#    hostname: broseek-elastic
+#    container_name: broseek-elastic
+#    restart: always
+#    environment:
+#      - discovery.type=single-node
+#    expose:
+#      - 9200
+#
+#  broseek-kibana:
+#    image: blacktop/kibana:x-pack-7.4.0
+#    hostname: broseek-kibana
+#    container_name: broseek-kibana
+#    restart: always
+#    environment:
+#      - xpack.reporting.enabled=false
+#    links:
+#      - broseek-elastic
+#    expose:
+#      - 5601
+
+  broseek-filebeat:
+    image: blacktop/filebeat
+    hostname: broseek-filebeat
+    container_name: broseek-filebeat
+    restart: always
+    command: -e
+    volumes:
+      - ./pcap:/pcap
+    external_links:
+      - elasticsearch
+      - kibana
+    networks:
+      elk:
+
+networks:
+  elk:
+    external:
+      name: elk_mynet