Live threat map with elastic & Kibana

(R) #1

Hello Team,

Is it possible with Kibana & Elasticsearch to configure a live cyber threat map? I am sure you guys must have seen on the internet something like this, where a live threat map displays the Geo and IP addresses where this malicious activity is coming from.

(Joe Fleming) #2

Yes, Kibana ships with region maps now, and you can do GeoIP enrichment of your data as part of your ingest pipeline (via logstash, ingest node, or I think even beats). The data enrichment would map the IP address to location (a coordinate I believe) which I believe is mapped to a region as part of the aggregation.

Kibana would show basically a regional heatmap, not points like in the demo you linked to.

(R) #3

Hi there,

So would you please help me in this regard to configure the heat map using Geo? I mean I have multiple honeypots set up which can be used to plot that data? Like opencanary

(Joe Fleming) #4

You should only need to index records in Elasticsearch with GeoIP information to get this to work.

A lot of people run the ingestion through Logstash and use the GeoIP filter to enrich their data from just the IP address. I thought you could use the ingest node too, but the list of processors doesn't include GeoIP, so I guess I was wrong.
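An added example of the Logstash approach described in this answer, not a config from the thread or from the OpenCanary project: a pipeline that reads OpenCanary's JSON log, enriches the source IP with the `geoip` filter, and writes to an index that Kibana's coordinate/region map can use. It is written for the pre-ECS Logstash of this era (5.x/6.x). The log path and the `src_host` field name are assumptions; adjust them to your honeypot's output.

```logstash
# Added example (not from the thread). Assumes OpenCanary writes one JSON
# event per line and names the remote address "src_host".
input {
  file {
    path => "/var/tmp/opencanary.log"   # assumed OpenCanary log location
    start_position => "beginning"
    codec => "json"                     # each line is one JSON event
  }
}

filter {
  # Look up the attacker's public IP in the bundled GeoLite2 database.
  # Adds geoip.country_name, geoip.city_name and geoip.location (lon/lat).
  geoip {
    source => "src_host"
    target => "geoip"
  }

  # Private, loopback or unroutable addresses have no GeoIP entry. Logstash
  # then tags the event "_geoip_lookup_failure" rather than dropping it; such
  # events are still indexed but carry no geoip.location and are not plotted.
  if "_geoip_lookup_failure" in [tags] {
    mutate { add_field => { "geoip_status" => "unresolved" } }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # An index name matching logstash-* picks up Logstash's default template,
    # which maps geoip.location as geo_point (required for the map visualization).
    index => "logstash-honeypot-%{+YYYY.MM.dd}"
  }
}
```

Two checks before building the visualization: confirm in Kibana's index pattern that `geoip.location` shows type `geo_point` (a custom index name outside `logstash-*` needs its own mapping or template), and note that events from private address space will never resolve, so a honeypot that only sees internal scanners will produce an empty map. For the "live" effect, set the Kibana dashboard's auto-refresh interval rather than expecting Logstash to push updates.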

(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.