Visualising Network Threats

  • Published 23 Sep 2024

COMMENTS • 14

  • @ProTechShow  1 year ago

    Update: The installation issues I encountered with SELKS have been resolved by Stamus Networks. Both the setup script and the wiki have been updated.

  • @jasonish  1 year ago +7

    Author of EveBox here. Thanks for the mention, what you said basically met my goals. The documentation and other items such as an actual usable default configuration file installed are on my to-do list.
    I agree with what you said about security, however, I feel it's good enough, or at least as good as using basic auth on a reverse proxy. Would you recommend going the Wazuh way of forcing a username and password? Then I'd also want to force a self-signed TLS certificate. Of course, this often gets in the way of convenience so there is a balance.

    • @ProTechShow  1 year ago +2

      Hi Jason, and thanks for all the work you've put in!
      I think more secure defaults are always better so I'd be in favour of a random password and self-signed certificate out of the box, with the option to disable it in favour of a reverse proxy (e.g. the user may prefer to implement some kind of SSO on a proxy).
      My primary security concern isn't about your implementation, and is more about your time. I tend to assume that all software has vulnerabilities yet to be discovered. At the moment it appears that you _are_ EveBox; so if there was a vulnerability it would likely go unresolved until you found out, fixed, and published it. I assume this is something you fit in when you have time, and there's no guarantee that you wouldn't be sick or on holiday when a vulnerability was discovered; so it doesn't seem reasonable to assume any kind of SLA for patches to become available if you're not being paid for it. There could be a zero-day vulnerability discovered for NGINX, but they have a full-time team of developers and a commercial product dependent on it so it seems more reasonable to expect a timely fix from them. I see putting NGINX in front of EveBox as a sensible way for users to mitigate the risk.

    • @MatthewGP  1 year ago +1

      Thank you for EveBox! It's an awesome project.

  • @TomNook.  1 year ago

    Thanks for this video! Eye candy when SHTF is essential!

  • @Владислав-е2к2м

    All the videos on this channel are very helpful👍

  • @DunOpondo  1 year ago

    Great video 👊🏿

  • @PowerUsr1  1 year ago

    So say I’m running pfsense (I am running pfsense), hehe, how do I export those logs to eve? I’ve read FileBeat but can’t seem to locate it in the FreeBSD repository.

    • @ProTechShow  1 year ago +1

      Suricata can output Eve JSON to syslog instead of a file. Your best bet might be to do that and use syslog to throw the data over to Logstash/Elasticsearch.

  • @aymenedjr  1 year ago

    Hi, hope you answer this comment. I'm having a BSOD, error code: WHEA uncorrectable error, but it happens only when I'm using my battery. I bought this laptop new and I've been using it for 2 months now. Sometimes it doesn't happen at all, but still it happens.

    • @ProTechShow  1 year ago

      This video shows you how to troubleshoot a BSoD: ua-cam.com/video/odZsRBMBXB0/v-deo.html