SIEMonster V2 Topology

[Diagram: Container versus Traditional Virtual Machine stacks]
Container stack: Application 1 and Application 2, each with its own Libraries, on the Docker Engine, on the Host Operating System, on Hardware.
Traditional Virtual Machine stack: Application 1 and Application 2, each with its own Libraries and Guest OS, on the Hypervisor, on the Host Operating System, on Hardware.
Using Containers for modular deployment, underpinned by OS layer software install.
Why Docker?

• The entire application, with all its dependencies, in a single environment.
• Portable deployment of applications as a single object.
• Application-centric versus machine/server-centric.
• Fast, easy deployment and upgrade path.
• Built-in version tracking.
• Reusable components.
• Compatible with Amazon/Azure Container Services.
• Highly scalable with high performance.
Deploy into Amazon AWS or Azure Container Service


[Diagram: Capricorn Docker Components and Proteus Docker Components]
Components shown across the two columns: Elasticsearch Client, Kibana, OSSEC, Alerts, Incident Response, Docker Monitor, SyslogNG, Graphite, Grafana, Siren, Docker Monitor, Web UI, Reporting.
Persistent Volumes deployed for databases/logs for simple upgrades and surviving container deletion.
Docker Level Capricorn

[Diagram: Capricorn Docker level components]
Components: Siren, Docker Monitor, Incident Response, Kibana, Elasticsearch Client, Alerts, Grafana, Reporting, Web UI.
ES & OS Node: Graphite Metrics Collection.
Docker Level Proteus

[Diagram: Proteus Docker level components]
Data ingest: OSSEC Agents; Persistent Volume – Logs; Logstash processing.
OSSEC and OSSEC Management on the software layer.
Unix Vulnerability Assessment: Vuls/Nessus Schedules/Reports; Nessus Scan Viewer.
Elasticsearch software node - Proteus.
Docker Monitor: Docker metrics analysis with alerting options for autoscale.
OS Level Software

[Diagram: OS level software per node]
Data ingest: Syslog-NG, NXlog, Logstash.
Elasticsearch, RabbitMQ.
Capricorn, Proteus: Non Data – Master Eligible.
Kraken, Tiamat: Data – Master Eligible.

OS Level Software - Docker Interaction

[Diagram: Docker containers interacting with OS level software]
Data ingest.
Kibana Docker container to Kibana Client.
Proteus: Non Data – Master Eligible.
Docker Elasticsearch Client to Elasticsearch Client Node.

Module Interaction: Docker Cluster with Dockerised ES Client Node & OS level Data Nodes. Logstash log parsing from Docker metrics collectors, External OSINT Data sources, plus push alerting via API.
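As an added example (not SIEMonster's own compose file), this Docker Compose fragment shows the two points the deck makes: a dockerised, coordinating-only Elasticsearch client node plus Kibana on the Capricorn host joining the OS-level master-eligible nodes, and a named volume so logs survive container deletion and image upgrades. It assumes Elastic 6.x images, a cluster named "siemonster", and that the hostnames kraken, tiamat, capricorn and proteus resolve from the host.

```yaml
# Added example, not part of the SIEMonster project. Assumptions:
# Elastic 6.8 images, cluster name "siemonster", hostnames resolvable.
# Host prerequisite for the ES image: sysctl vm.max_map_count=262144.
version: "3.3"

services:
  es-client:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.23
    environment:
      - cluster.name=siemonster
      - node.name=capricorn-es-client
      # Coordinating-only ("client") role: no master, data or ingest.
      - node.master=false
      - node.data=false
      - node.ingest=false
      # OS-level master-eligible nodes (assumed hostnames) to join.
      - discovery.zen.ping.unicast.hosts=kraken,tiamat,capricorn,proteus
      # Advertise the host's address so OS-level nodes can reach back.
      - network.publish_host=capricorn
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      # Named volume: logs persist across `docker rm` and upgrades.
      - es-client-logs:/usr/share/elasticsearch/logs
    ulimits:
      memlock:
        soft: -1
        hard: -1

  kibana:
    image: docker.elastic.co/kibana/kibana:6.8.23
    environment:
      # Kibana talks only to the local coordinating node.
      - ELASTICSEARCH_URL=http://es-client:9200
    ports:
      - "5601:5601"
    depends_on:
      - es-client

volumes:
  es-client-logs:
```

Because the client node holds no shards, it can be deleted and recreated freely; only the named volume carries state, which is the upgrade path the persistent-volume slide describes.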
