Blue-Baron
Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
Use the GCP Audit Sink functionality to create Pub/Sub topics (with adequate filters) and deliver logs to them. These will be used as Filebeat log sources. Log Source Filters: `audit` : ```...
Sad yet funny: when the following things are resolved, this can be automated... [TF issue](https://github.com/Azure/azure-rest-api-specs/issues/11085) [TF Closed PR](https://github.com/terraform-providers/terraform-provider-azurerm/pull/8581) [Azure Authentication Issue](https://github.com/Azure/azure-rest-api-specs/issues/11085)
TODO: https://itnext.io/the-right-way-of-accessing-azure-services-from-inside-your-azure-kubernetes-cluster-14a335767680
The Kibana SIEM rules can be synced with the Elastic public ruleset [1]. The `.detection-rules-cfg.json` described in [2] can be auto-generated by the TF module (maybe using some `local-exec` TF...
To be able to push logs from outside the cluster to the Blue-Baron stack, an Ingress resource exposing the Kubernetes Service for the Collector Fluentd HTTP port would be useful.
Database credentials leaked in the pod description:

```
➜ kubectl describe pod fluentd-collector-557dddd67c-fqrlz
...
MONGODB_PASSWORD: fyufP61SMx
MONGODB_USERNAME: baron
...
```