Overview

Current Version: 0.0.1a

The pensando-elk implementation combines several open source, Elastic-based applications with the Pensando Systems implementation of the Elastic logstash/filebeat applications. Downloading and installing the pensando-elk software gives you a curated view of the following, otherwise separate, implementations:

  • Pensando Distributed Firewall: logging from Pensando DSC firewalls
  • Elastiflow: Network flow data gathered from Pensando DSCs
  • Suricata: Network threat detection engine using ERSPAN II logs
  • Zeek: Configurable packet stream reader that converts ERSPAN III logs to events and alerts

See also

For more information on each of the components in Pensando-ELK, visit the Pensando-ELK Components

To use pensando-elk, you only need a CentOS 8 or Ubuntu 18.04 server or VM with the following minimums:

  • 4 CPU
  • 16GB RAM - (up to 64GB supported)
  • 128GB HDD
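A preflight check against these minimums, added here as an example (this is not part of the pensando-elk project). The thresholds are the ones listed above; the function and script names, and the choice of nproc, free and df to gather live values, are this example's own assumptions.

```shell
#!/bin/sh
# Preflight check for a pensando-elk host (added example, not project code).
# Thresholds come from the documented minimums: 4 CPU, 16GB RAM (up to 64GB
# supported), 128GB disk. Gathering commands assume a standard Linux host.
MIN_CPU=4
MIN_RAM_GB=16
MAX_RAM_GB=64
MIN_DISK_GB=128

# check_minimums CPUS RAM_GB DISK_GB
# Prints one line per shortfall and returns 0 only when every minimum is met.
# RAM above the supported maximum is reported as a warning, not a failure.
check_minimums() {
  cpus=$1; ram_gb=$2; disk_gb=$3; rc=0
  if [ "$cpus" -lt "$MIN_CPU" ]; then
    echo "FAIL: ${cpus} CPU(s) found, minimum is ${MIN_CPU}"; rc=1
  fi
  if [ "$ram_gb" -lt "$MIN_RAM_GB" ]; then
    echo "FAIL: ${ram_gb}GB RAM found, minimum is ${MIN_RAM_GB}GB"; rc=1
  elif [ "$ram_gb" -gt "$MAX_RAM_GB" ]; then
    echo "WARN: ${ram_gb}GB RAM found, only up to ${MAX_RAM_GB}GB is supported"
  fi
  if [ "$disk_gb" -lt "$MIN_DISK_GB" ]; then
    echo "FAIL: ${disk_gb}GB disk found, minimum is ${MIN_DISK_GB}GB"; rc=1
  fi
  return $rc
}

# preflight [MOUNT]
# Reads CPU count, total RAM and free disk on MOUNT (default /) from this host
# and passes them to check_minimums. Hypothetical helper for this example.
preflight() {
  mount=${1:-/}
  cpus=$(nproc)
  ram_gb=$(free -g | awk '/^Mem:/ {print $2}')
  disk_gb=$(df -BG --output=avail "$mount" | tail -n 1 | tr -d ' G')
  check_minimums "$cpus" "$ram_gb" "$disk_gb"
}

# Only touch the live host when explicitly asked: sh preflight.sh --run [MOUNT]
case "${1:-}" in
  --run) preflight "${2:-/}" ;;
esac
```

Note that free -g rounds down, so a host with a nominal 16GB of RAM may report 15GB and fail the check; compare against free -m if that matters for your hosts. The disk check uses free space on the data mount rather than raw disk size, since that is what Elasticsearch indices will actually consume.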

From there, you can Install, Run and then perform an initial Setup.