badsectorlabs.ludus_elastic_container

Ansible Role: Elastic Container

This Ansible role sets up the Elastic Container on a Linux machine.

  • Creates a policy for the agent
  • Adds two integrations to the policy (Elastic Defend and Windows)
  • Sets up one Fleet server
  • Downloads the correct agent version and places it on the Ludus host (/opt/ludus/resources/elastic) for offline installation of agents
  • Updates the Elasticsearch output URL to include the IP address of the elastic server
  • Saves the enrollment token in {{ ludus_elastic_container_install_path }}/enrollment_token.txt. With this token and the server's IP address, you can deploy agents.

Requirements

None.

Role Variables

Here are the available variables along with their default values (see defaults/main.yml):

ludus_elastic_container_install_path: /opt/elastic_container
ludus_elastic_password: "elasticpassword"
ludus_elastic_stack_version: "8.12.2"
ludus_elastic_container_branch: 05c0b91a36a0918d095c28295a9c64a9def275f5 # A known good version, as of 2024-07-03

Dependencies

geerlingguy.docker

[Optional] Review the .env example before uploading the role (if you decide to clone and add it).

Example Playbook

- hosts: elastic-server
  roles:
    - badsectorlabs.ludus_elastic_container

Example Ludus Range Configuration

ludus:
  - vm_name: "{{ range_id }}-elastic-server"
    hostname: "{{ range_id }}-elastic-server"
    template: debian-12-x64-server-template
    vlan: 20
    ip_last_octet: 2
    ram_gb: 8
    cpus: 4
    linux: true
    testing:
      snapshot: false
      block_internet: false
    roles:
      - badsectorlabs.ludus_elastic_container
    role_vars:
      ludus_elastic_password: "hellofromtheotherside"
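A pre-deploy sanity check for the role variables above, written as an added example (it is not part of this role or of Ludus). It walks a range config, already loaded into a dict as yaml.safe_load would return it, and flags a VM that applies this role with the default password, an unpinned ludus_elastic_container_branch, or a non-exact stack version; the requirement that the VM be linux: true is assumed from the example range configuration.

```python
import re

# Defaults taken from this role's defaults/main.yml as listed on the page.
ROLE = "badsectorlabs.ludus_elastic_container"
DEFAULT_PASSWORD = "elasticpassword"
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")      # full git commit hash
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")    # exact x.y.z release

# Constructed sample: the page's example range config as a Python dict.
SAMPLE_RANGE = {
    "ludus": [
        {
            "vm_name": "{{ range_id }}-elastic-server",
            "hostname": "{{ range_id }}-elastic-server",
            "template": "debian-12-x64-server-template",
            "vlan": 20,
            "ip_last_octet": 2,
            "ram_gb": 8,
            "cpus": 4,
            "linux": True,
            "roles": [ROLE],
            "role_vars": {"ludus_elastic_password": "hellofromtheotherside"},
        }
    ]
}


def check_vm(vm):
    """Return a list of findings for one VM entry; empty if the role is absent or all is well."""
    findings = []
    if ROLE not in vm.get("roles", []):
        return findings
    if not vm.get("linux"):
        findings.append("role targets a Linux VM: set linux: true")
    role_vars = vm.get("role_vars", {})
    # An absent variable means the role default applies, so treat it as the default.
    if role_vars.get("ludus_elastic_password", DEFAULT_PASSWORD) == DEFAULT_PASSWORD:
        findings.append("ludus_elastic_password is the role default")
    branch = role_vars.get("ludus_elastic_container_branch")
    if branch is not None and not COMMIT_RE.match(branch):
        findings.append("ludus_elastic_container_branch is not pinned to a commit hash")
    version = role_vars.get("ludus_elastic_stack_version")
    if version is not None and not VERSION_RE.match(version):
        findings.append("ludus_elastic_stack_version is not an exact x.y.z release")
    return findings


def check_range(config):
    """Map each vm_name in the range config to its findings."""
    return {vm["vm_name"]: check_vm(vm) for vm in config.get("ludus", [])}
```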

Ludus Setup

# Add the role to your ludus host
ludus ansible roles add badsectorlabs.ludus_elastic_container

# Save your configuration into a file
ludus range config get > config.yml

# Edit the config to add the role to the VMs you want as an elastic server
ludus range config set -f config.yml

# Deploy the range using only the user-defined roles :)
ludus range deploy -t user-defined-roles

  • After deployment, access the Kibana UI at https://<IP>:5601

  • In Kibana, you can enable your own detection rules (to trigger alerts). No rules are enabled by default, so that the user stays in control of the volume of notifications. This resource is a good reference for managing detection rules.

License

Apache-2.0

Author Information

This role was created by Bad Sector Labs for Ludus.

Resources/Credits
