IntelMQ and ELK

In this post I will show how to use IntelMQ and the ELK stack together so that the feed produced by IntelMQ can be pushed into ELK for analysis. I will not go into the architecture of either of them, as that is beyond the scope of this post. In the previous post I showed how to install IntelMQ on an Ubuntu 20.04 system, both from source and by using apt to download and install the packages.

Shadowserver API

In this post we will use the official API provided by Shadowserver to pull report data from their systems. Previously the reports were delivered by email, and IntelMQ can be configured to fetch the mail from a mail server, extract the attachment and delete the message. From my perspective, however, that is an ineffective, largely manual process and not the proper way to do it.
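To make the API approach concrete, here is an added example (not code from this post, and not IntelMQ's own collector) showing how a Shadowserver reports API request is authenticated: the API key is carried inside the JSON body, and the exact bytes of that body are signed with HMAC-SHA256 under the account secret, with the hex digest sent in the HMAC2 header. The credentials are made up, the `date`/`limit` parameters and the `reports/list` path are assumptions for illustration, and only `list_reports` touches the network (it is not run here).

```python
"""Build and check a signed Shadowserver reports API request.

Added example, not code from the blog post or from IntelMQ.
Assumptions: the credentials below are constructed placeholders and no
network call is made except inside list_reports().
"""
import hashlib
import hmac
import json
import urllib.request

API_BASE = "https://transform.shadowserver.org/api2/"

# Constructed, non-functional credentials for demonstration only.
DEMO_API_KEY = "demo-key-0000"
DEMO_SECRET = "demo-secret-not-real"


def build_signed_request(method: str, params: dict, api_key: str, secret: str):
    """Return (url, body_bytes, headers) for a Shadowserver API call.

    The API key travels inside the JSON body; the HMAC-SHA256 hex digest
    of those exact body bytes, keyed with the secret, goes in the HMAC2 header.
    """
    payload = dict(params)
    payload["apikey"] = api_key
    body = json.dumps(payload).encode("utf-8")
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    headers = {"HMAC2": digest, "Content-Type": "application/json"}
    return API_BASE + method, body, headers


def verify_signature(body: bytes, header_digest: str, secret: str) -> bool:
    """Recompute the HMAC over the received body and compare in constant time.

    This mirrors the server-side check. It also shows why the body must be
    sent byte-for-byte as signed: re-serialising it invalidates the digest.
    """
    expected = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header_digest)


def list_reports(date: str, api_key: str, secret: str, limit: int = 10):
    """POST a reports/list call. Performs a real network request."""
    url, body, headers = build_signed_request(
        "reports/list", {"date": date, "limit": limit}, api_key, secret
    )
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    url, body, headers = build_signed_request(
        "reports/list", {"date": "2021-05-01", "limit": 5}, DEMO_API_KEY, DEMO_SECRET
    )
    print(url)
    print(body.decode())
    print(headers["HMAC2"])
    # A body altered after signing must fail verification.
    tampered = body.replace(b'"limit": 5', b'"limit": 500')
    print(verify_signature(body, headers["HMAC2"], DEMO_SECRET))      # True
    print(verify_signature(tampered, headers["HMAC2"], DEMO_SECRET))  # False
```

Keep the secret out of any IntelMQ configuration that is committed to version control, and send the signed body bytes unchanged: pretty-printing or re-encoding the JSON after signing produces a different digest and the request is rejected.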

In this post we will install IntelMQ, the IntelMQ API and the IntelMQ Manager, following the original guide provided by the developers. One point to note: I initially tried to install the software in an LXC container and failed; after a couple of tries I found it quite impossible to install and bring the system back up on that platform.

coreboot application

For work, I had to build a basic application. It was not a normal application, though: it had to run as a BIOS application. I can code in C/C++ to some extent, but I did not know how to do it for a BIOS. After many hours I understood that the easiest way to run it is as described below. Please note that some basics have already been configured as described in the coreboot documentation.

Tilix terminal

A good shell environment is important for completing various tasks; in Linux most advanced commands and scripts are run from a shell. I searched for a good terminal emulator so that I could perform these activities with ease. After considering Terminator[1], Tmux[2] and others, I finally found the tool I was looking for: Tilix[3] had most of the features I wanted, such as hotkey assignment for various commands, and a very flexible user interface, so I can start with a minimal layout and build a complex one by adding tabs or splitting the terminal into multiple panes.

