Network Design

Hi there, I am testing ELK for my current company. So far I like the features and have the logs shipping back into Elasticsearch correctly. My main question is how best to deploy a LAN ELK stack with some hosts in the cloud without compromising the security offered by the firewall.

The ingest node should sit inside a DMZ; however, good practice is not to have anything inside a DMZ that can connect to the local network. How can this issue be mitigated?

After doing some more reading, does anyone know if Elasticsearch has patterns to detect attackers logged in Snort or an IPS?
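As an added illustration for the last question (this is example code written for this page, not a reply from the thread and not anything shipped by Elastic or Snort): before Elasticsearch can search for a pattern, the Snort alert has to arrive as structured fields rather than one opaque string. The block below parses Snort's `alert_fast` output line format, maps the result onto Elastic Common Schema (ECS) field names, and runs two simple aggregations a defender would otherwise express as Elasticsearch terms aggregations: high-priority alerts per source address, and the same signature repeating from one source. The alert lines, rule SIDs (in the 1000000+ range reserved for local rules) and addresses are constructed for the example.

```python
import re
from collections import Counter

# Snort alert_fast line layout (one alert per line):
#   MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src:port -> dst:port
# The Classification block is optional, and ports are absent for ICMP. IPv4 only here.
SNORT_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (local rule SIDs, documentation address ranges). The last line is
# deliberately malformed to show that unparseable input is dropped rather than crashing the pipeline.
SAMPLE_ALERTS = [
    "01/15-10:22:33.123456  [**] [1:1000001:1] LOCAL suspicious command response [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:4444 -> 192.168.1.10:51234",
    "01/15-10:22:35.000001  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:50222 -> 192.168.1.20:22",
    "01/15-10:22:36.000002  [**] [1:1000002:1] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:50223 -> 192.168.1.20:22",
    "01/15-10:23:01.500000  [**] [1:1000003:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.30",
    "this line is not a Snort alert and must be ignored",
]


def parse_snort_fast(line):
    """Parse one alert_fast line into a dict; return None when the line does not match."""
    m = SNORT_FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],            # the fast format carries no year; the shipper must add it
        "gid": int(d["gid"]),
        "sid": int(d["sid"]),
        "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["cls"],      # None when Snort printed no Classification block
        "priority": int(d["prio"]),      # 1 is the most severe
        "proto": d["proto"].lower(),
        "src_ip": d["src"],
        "src_port": int(d["sport"]) if d["sport"] else None,
        "dst_ip": d["dst"],
        "dst_port": int(d["dport"]) if d["dport"] else None,
    }


def parse_lines(lines):
    """Parse many lines, silently skipping the ones that are not valid alerts."""
    return [ev for ev in (parse_snort_fast(line) for line in lines) if ev is not None]


def to_ecs(ev):
    """Map a parsed alert onto ECS field names so every IDS source is queried the same way."""
    return {
        "event.kind": "alert",
        "event.severity": ev["priority"],
        "rule.id": f'{ev["gid"]}:{ev["sid"]}:{ev["rev"]}',
        "rule.name": ev["msg"],
        "rule.category": ev["classification"],
        "network.transport": ev["proto"],
        "source.ip": ev["src_ip"],
        "source.port": ev["src_port"],
        "destination.ip": ev["dst_ip"],
        "destination.port": ev["dst_port"],
    }


def high_priority_sources(events, max_priority=2):
    """Alerts per source IP, keeping only priority <= max_priority (lower number = more severe)."""
    counts = Counter(ev["src_ip"] for ev in events if ev["priority"] <= max_priority)
    return counts.most_common()


def repeat_offenders(events, threshold=2):
    """(src_ip, sid, count) for every source that triggered the same signature at least `threshold` times."""
    counts = Counter((ev["src_ip"], ev["sid"]) for ev in events)
    return sorted(
        [(src, sid, n) for (src, sid), n in counts.items() if n >= threshold],
        key=lambda t: (-t[2], t[0], t[1]),
    )


if __name__ == "__main__":
    events = parse_lines(SAMPLE_ALERTS)
    print(f"parsed {len(events)} of {len(SAMPLE_ALERTS)} lines")
    for ev in events:
        print(to_ecs(ev))
    print("high-priority sources:", high_priority_sources(events))
    print("repeat offenders:", repeat_offenders(events))
```

Once the alerts are indexed with these field names, the same questions become ordinary Elasticsearch queries (a terms aggregation on `source.ip` filtered by `event.severity`, for example), and the detection logic lives in the query layer rather than in the parser.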
