docker-zeek - Zeek IDS Dockerfile

  •        6

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it. See all contributors on GitHub.

https://github.com/blacktop/docker-zeek

Tags
Implementation
License
Platform

   




Related Projects

Suricata IDS - Network threat detection engine

  •    C

The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.

pipeline - PipelineAI: Real-Time Enterprise AI Platform

  •    HTML

Each model is built into a separate Docker image with the appropriate Python, C++, and Java/Scala Runtime Libraries for training or prediction. Use the same Docker Image from Local Laptop to Production to avoid dependency surprises.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

  •    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.


kafka-stack-docker-compose - docker compose files to create a fully working kafka stack

  •    Shell

This replicates as well as possible real deployment configurations, where you have your zookeeper servers and kafka servers actually all distinct from each other. This solves all the networking hurdles that comes with Docker and docker-compose, and is compatible cross platform. This configuration fits most development requirements.

Sguil - The Analyst Console for Network Security Monitoring

  •    Tcl

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

dockbeat - Dockbeat - the elastic Beat for docker daemon monitoring

  •    Go

Dockbeat is the new Dockerbeat name. We had to rename the project due to the Docker trademarking policy. Dockbeat is a Beat used for docker daemon monitoring. It is a lightweight agent that installed on your servers, reads periodically docker container statistics and indexes them in Elasticsearch. To get a detailed list of all generated fields, please read the fields documentation page.

kafka-docker - Dockerfile for Apache Kafka

  •    Shell

Kafka Docker helps to run multiple Kafka brokers in Docker.

elasticsearch - https://github.com/docker-library/official-images/pull/4916

  •    Shell

This is the Git repo of the Docker "Official Image" for elasticsearch (not to be confused with any official elasticsearch image provided by elasticsearch upstream). See the Docker Hub page for the full readme on how to use this Docker image and for information regarding contributing and issues. The full description from Docker Hub is generated over in docker-library/docs, specifically in docker-library/docs/elasticsearch.

sigma - Generic Signature Format for SIEM Systems

  •    Python

Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.

fast-data-dev - Kafka Docker for development

  •    Shell

Apache Kafka docker image for developers; with Landoop Lenses (landoop/kafka-lenses-dev) or Landoop's open source UI tools (landoop/fast-data-dev). Have a full fledged Kafka installation up and running in seconds and top it off with a modern streaming platform (only for kafka-lenses-dev), intuitive UIs and extra goodies. Also includes Kafka Connect, Schema Registry, Landoop Stream Reactor 25+ Connectors and more.

docker-elasticsearch-kubernetes - Ready to use Elasticsearch + Kubernetes discovery plug-in Docker image

  •    

Ready to use, lean Elasticsearch Docker image ready for using within a Kubernetes cluster. See pires/kubernetes-elasticsearch-cluster for instructions on how to run, scale and use Elasticsearch on Kubernetes.

php-docker-boilerplate - :stew: PHP Docker Boilerplate for Symfony, Wordpress, Joomla or any other PHP Project (NGINX, Apache HTTPd, PHP-FPM, MySQL, Solr, Elasticsearch, Redis, FTP)

  •    Javascript

This is an easy customizable docker boilerplate for any PHP-based projects like Symfony Framework, CakePHP, Yii and many other frameworks or applications. This Docker boilerplate is based on the Docker best practices and doesn't use too much magic. Configuration of each docker container is available in the docker/ directory - feel free to customize.

TYPO3-docker-boilerplate - :stew: TYPO3 Docker Boilerplate project (NGINX, Apache HTTPd, PHP-FPM, MySQL, Solr, Elasticsearch, Redis, FTP)

  •    Shell

This is an easy customizable TYPO3 docker boilerplate. This Docker boilerplate is based on the Docker best practices and doesn't use too much magic. Configuration of each docker container is available in the docker/ directory - feel free to customize.

docker-monitoring - Docker-Monitoring based on Cadvisor, InfluxDB, and Grafana

  •    

Please take a look a the Docker-Monitoring-xx.json file to view the Grafana Dashboard's json file and check out the queries folders for screenshots of the queries in each graph.Also added the docker-compose.yml file to easily stand up the entire Monitoring Stack.

OpenWIPS-ng - Wireless Intrusion Prevention System

  •    C

OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts: Sensor(s): "Dumb" devices that capture wireless traffic and sends it to the server for analysis. Also responds to attacks. Server: Aggregates the data from all sensors, analyzes it and responds to attacks. It also logs and alerts in case of an attack. Interface: GUI manages the server and displays information about the threats on your wireless network(s).

elk-docker - Elasticsearch, Logstash, Kibana (ELK) Docker image

  •    Shell

This Docker image provides a convenient centralised log server and log management web interface, by packaging Elasticsearch, Logstash, and Kibana, collectively known as ELK. See the ELK Docker image documentation web page for complete instructions on how to use this image.

zabbix-docker-monitoring - :whale: Docker/Kubernetes/Mesos/Marathon/Chronos/LXC/LXD/Swarm container monitoring - Docker image, Zabbix template and C module

  •    C

If you like or use this project, please provide feedback to author - Star it ★ and write what's missing for you.Monitoring of Docker container by using Zabbix. Available CPU, mem, blkio, net container metrics and some containers config details, e.g. IP, name, ... Zabbix Docker module has native support for Docker containers (Systemd included) and should also support a few other container types (e.g. LXC) out of the box. Please feel free to test and provide feedback/open issue. The module is focused on performance, see section Module vs. UserParameter script.

dejavu - The Missing Web UI for Elasticsearch

  •    Javascript

dejavu is the missing Web UI for Elasticsearch. Its goal is to build a modern Web UI (no page reloads, infinite scroll, filtered views, realtime updates) with 100% client side rendering. It is available today as a hosted app, chrome extension and as a docker image.