Docker SIEM install

I am at the beginning of a new ELK SIEM installation and am looking to verify a couple of items.

  1. When creating the SIEM in docker the documentation does not say to pull the Logstash component. Is there a reason for this? Can it be pulled with the same string as elasticsearch and kibana
docker pull
  1. When creating this in a docker environment, should I be configuring the 3 servers (ES, Kib,Log) as normal servers in terms of sizing?

Thank you for the feedback. Wanting to set this up correctly the first time.

I have been able to get past this phase of the installation.

I created the 3 servers as per normal. From there I used Podman to create pods for the SIEM components and then containers in the pods.

Logstash and Kibana are running however, I am unable to start the Elasticsearch containers.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.