Live threat map with elastic & Kibana

Hello Team,

Is it possible with Kibana & Elasticsearch to configure a live cyber threat map? I am sure you guys must have seen something like this on the internet, where a live threat map displays the geo location and IP addresses that the malicious activity is coming from.

https://community.blueliv.com/map/
https://threatmap.bitdefender.com/


Yes, Kibana ships with region maps now, and you can do GeoIP enrichment of your data as part of your ingest pipeline (via Logstash, ingest node, or I think even Beats). The data enrichment would map the IP address to a location (a coordinate, I believe), which I believe is mapped to a region as part of the aggregation.

Kibana would show basically a regional heatmap, not points like in the demo you linked to.

Hi there,

So would you please help me in this regard with configuring the heat map using GeoIP? I mean, I have multiple honeypots set up, like opencanary, whose data could be used to plot that?

You should only need to index records with GeoIP information in Elasticsearch to get this to work.

A lot of people run the ingestion through Logstash and use the GeoIP filter to enrich their data from just the IP address. I thought you could use the ingest node too, but the list of processors doesn't include GeoIP, so I guess I was wrong.
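The Logstash route the two replies above describe, written out as an added example (this is not configuration from the thread or from the opencanary project). It assumes opencanary writes one JSON object per line to `/var/tmp/opencanary.log` with the attacker address in `src_host` and a `local_time` string, that Logstash 7.x is used with the geoip filter's legacy (non-ECS) field names, and that the default GeoLite2 City database bundled with the filter is acceptable; adjust the path, field names and hosts to your deployment.

```conf
# Added example: Logstash pipeline that reads opencanary JSON logs, enriches
# the attacker IP with GeoIP, and indexes the result for Kibana maps.
# Assumptions (not from the thread): opencanary log path and field names
# (src_host, local_time), Logstash 7.x, legacy geoip field names.

input {
  file {
    path => "/var/tmp/opencanary.log"   # assumed opencanary log location
    start_position => "beginning"
    codec => "json"                      # one JSON object per line
  }
}

filter {
  # opencanary also logs startup/housekeeping events with no attacker
  # address; nothing to map for those.
  if ![src_host] {
    drop { }
  }

  # Tag sources from private or loopback ranges. GeoIP has no data for them,
  # so they would only add _geoip_lookup_failure tags and clutter the index.
  cidr {
    address => [ "%{src_host}" ]
    network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8" ]
    add_tag => [ "private_src" ]
  }
  if "private_src" in [tags] {
    drop { }
  }

  # The enrichment step: IP -> country/city/coordinates under the geoip.* fields.
  geoip {
    source => "src_host"
    target => "geoip"
    fields => [ "country_name", "country_code2", "city_name", "location" ]
  }

  # Use the honeypot's own timestamp when present (assumed opencanary format);
  # on a parse failure Logstash keeps the ingest-time @timestamp.
  date {
    match => [ "local_time", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
    target => "@timestamp"
  }
}

output {
  elasticsearch {
    hosts => [ "http://localhost:9200" ]   # assumed cluster address
    # An index named logstash-* matches Logstash's default index template,
    # which maps geoip.location as geo_point; without that mapping Kibana
    # cannot put the documents on a map.
    index => "logstash-honeypot-%{+YYYY.MM.dd}"
  }
}
```

With documents indexed this way, a Coordinate Map (or the Maps app) built on a geohash grid aggregation over `geoip.location` gives the point-style view of the attacker sources; a Region Map needs a field that joins to its region layer, for which `geoip.country_code2` (ISO 3166-1 alpha-2) is the usual choice. If the index is named something other than `logstash-*`, check that `geoip.location` is mapped as `geo_point` before building the visualization, because a field that was dynamically mapped as a float pair cannot be changed without reindexing.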
