install

[work]

Good day friends, I'm new to this, help me install (selks) Clear NDR - Community I installed Ubuntu server version 24.04 on the documentation it says first you need to install Docker, then Selks, I did it according to the documentation https://docs.docker.com/engine/install/ubuntu/ then https://docs.clearndr.io/docs/start/getting-started but the server does not start if someone knows the steps please help me just insert the commands (for example, the first is for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done. The second is # Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo\
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
 $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update the third is sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin ) otherwise I get confused by the documentation.

[Peter Manev]

Hi,

For ClearNDR - Community you can follow the guides here
https://docs.clearndr.io/docs/start/getting-started

Also feel free to drop in our discord channel for live cat
https://docs.clearndr.io/docs/getting-help
Thank you

> --
> Discord: Let's talk about SELKS on
> https://discord.com/channels/911231224448712714/911238451842666546
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/blog
> Twitter: @StamusN
> ---
> You received this message because you are subscribed to the Google Groups "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/selks/2f392bd6-ced2-4940-a374-f1aca1384db9n%40googlegroups.com.



--
Regards,
Peter Manev

[work]

yes, I did it as written here https://docs.clearndr.io/docs/start/getting-started/, but opensearch doesn’t work 

[Peter Manev]

Hi,
I would suggest doing :
./stamusctl compose down -v

remove the opensearch docker container (docker rmi)
Do again
./stamusctl compose up -d

Thank you

> To view this discussion visit https://groups.google.com/d/msgid/selks/b759cc3f-56d8-48f5-8356-1e6c998b7f81n%40googlegroups.com.



--
Regards,
Peter Manev

[work]

Thank you Peter Manev for your help, and I still have a problem, look in the picture there are not many containers working, is this normal? If this is a problem please tell me how to fix it! I have already reinstalled Selks 3 times, but each of them has the same problem.

[work]

thank you, I solved this problem. Can you tell me how to link Suricata and evebox containers?

[Peter Manev]

Hi,

Glad you figured it out.
They are already linked.
Once you log in - you should have access to all GUI screens.

Thank you

> To view this discussion visit https://groups.google.com/d/msgid/selks/69559b88-ed85-4d01-acc3-c24966534018n%40googlegroups.com.



--
Regards,
Peter Manev

[work]

Yes, thank you, I have access, but suricata’s logs do not come to evebox. When I look at the eve.json file, suricata takes all the logs but does not appear on the evebox.

[Peter Manev]

Hi,

Do you have data in the Kibana - SN-FLOW dashboard ?

Thank you

> To view this discussion visit https://groups.google.com/d/msgid/selks/f62b6f01-c7fa-4d8b-bbf8-035e9a589d2fn%40googlegroups.com.



--
Regards,
Peter Manev

[work]

Sorry but how can I see the data in the Kibana - SN-FLOW dashboard?

[work]

this is the dashboard

[Peter Manev]

Hi,

Under “Other Apps” (left hand side , down) , click on “Dashboards” , that will bring you to Opensearch Kibana , there click on Dashboards and choose the one mentioned in the previous mail.

 

Thank you 

-- 

Regards,

Peter Manev 

On 20 Dec 2024, at 10:38, work <workc...@gmail.com> wrote:

this is the dashboard

To view this discussion visit https://groups.google.com/d/msgid/selks/35e7208e-b6c2-457a-a9eb-63e39292a7e4n%40googlegroups.com.

<Снимок экрана 2024-12-20 143403.png>

[work]

Good afternoon  Peter Manev , sorry for the late response! There is no such screenshot here

[Peter Manev]

Hi,

It seems there is no data/traffic.
Can you check your sniffing interface - and see if there is traffic
arriving there?
(you can use tcpdump or similar)

Thank you

> To view this discussion visit https://groups.google.com/d/msgid/selks/1599c0ac-b7ac-4da9-9518-688dbb272cban%40googlegroups.com.



--
Regards,
Peter Manev

[work]

Thank you Peter  Manev , solved the problem. And if you know how to update the rule for selks offline, please tell me! (for example, I downloaded the rule and then added it to my selks)

[Peter Manev]

Hi,

Yes, manually uploading can work.
Also you can setup internal server and point the url inside the
sources (Management GUI) to get it from the internal server.

Thank you

On Mon, Dec 30, 2024 at 10:40 AM work <workc...@gmail.com> wrote:
>
> Thank you Peter Manev , solved the problem. And if you know how to update the rule for selks offline, please tell me! (for example, I downloaded the rule and then added it to my selks)

> To view this discussion visit https://groups.google.com/d/msgid/selks/d2569d70-0b61-4a5f-a8c9-b71c64821041n%40googlegroups.com.



--
Regards,
Peter Manev

[work]

Thank you very much Peter Manev, you helped a lot.