Sentinel and T-Pot #1704
Unanswered
Jeroenvdbroek asked this question in Q&A
Replies: 0 comments
Hello all.
I found an old manual on how to make Sentinel and T-Pot work together: https://swiftsolves.substack.com/p/how-to-wire-t-pot-events-to-microsoft
But that one is not relevant anymore since the latest version of T-Pot. I managed to convert it and do most of the config work, but what I cannot get to work is the installation of the Sentinel Logstash output plugin.
I added it to the Dockerfile of Logstash, so in tpotce/docker/elk/logstash/Dockerfile
I added: bin/logstash-plugin install microsoft-sentinel-log-analytics-logstash-output-plugin
And in tpotce/docker-compose.yml
I added under the ## logstash service:
build:
  context: /home/azureuser/tpotce/docker/elk/logstash
  dockerfile: ./Dockerfile
But this does not seem to work. The T-Pot service will also not start.
If this is all too difficult or not possible, I have another question.
Can T-Pot just log the attacks (just that there is an attack is already enough info) outside the container so I can pick it up there with Azure Monitor?
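As an added example (not part of the original post and not T-Pot project code), the same build block written as a Compose override file, which Compose merges into the base docker-compose.yml automatically. The service name `logstash` is assumed to match the base file; the context path is the one from the post.

```yaml
# docker-compose.override.yml, placed next to tpotce/docker-compose.yml.
# Added example, not from the original post or the T-Pot project. Compose
# merges this file into docker-compose.yml on its own, so the build block
# stays out of the upstream file and survives a T-Pot update.
services:
  logstash:                 # assumed: service name as used in the base file
    build:
      context: /home/azureuser/tpotce/docker/elk/logstash   # path from the post
      # dockerfile is resolved relative to context, so "./Dockerfile" and
      # "Dockerfile" refer to the same file.
      dockerfile: ./Dockerfile
```

Running `docker compose config` in the tpotce directory prints the merged configuration, so it is easy to confirm that the build block landed under the intended service and that the indentation is right before anything is started. `docker compose build logstash` then runs only the image build, which separates a failure of the plugin install step in the Dockerfile from a failure of the container at start-up.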