# KTS5

**Repository Path**: mirrors_StamusNetworks/KTS5

## Basic Information

- **Project Name**: KTS5
- **Description**: Kibana 5 Templates for Suricata IDPS
- **Primary Language**: Unknown
- **License**: GPL-3.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2023-09-07
- **Last Updated**: 2026-03-30

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

===============================
Kibana 5 Templates for Suricata
===============================

Templates/Dashboards for Kibana 5 to use with Suricata IDPS and the ELK stack

This repository provides 13 templates for Kibana 5.x and Elasticsearch 5.x for use with Suricata IDS/IPS - Intrusion Detection and Prevention System.

These dashboards are for use with Suricata and ELK - Elasticsearch, Logstash, Kibana - and comprise more than 140 visualizations and 11 searches.

The dashboards are:

- ALL
- ALERTS
- DNS
- FILE Transactions
- FLOW
- HTTP
- IDS
- OVERVIEW
- SMTP
- SSH
- TLS
- VLAN
- STATS

How to use
==========

::

  apt-get install git-core
  git clone https://github.com/StamusNetworks/KTS5.git
  cd KTS5

Load the dashboards:

::

  ./load.sh

If this is a clean Elasticsearch 5.x installation (that is, not an upgrade from 2.x to 5.x) you need to:

::

  find /path/to/KTS5/dashboards/ -type f -exec sed -i -e 's/\.raw/.keyword/g' {} \;

You need to select ``logstash-*`` as the default index when you open any dashboard for the first time after the initial load/import.

For optimal results, an example Elasticsearch template, the one used in SELKS 4, is included under ``es-template\elasticsearch5-template.json``.

**NOTE:** This may delete any custom dashboards you already have in place.

**NOTE:** In order to use the full HTTP logging dashboard template you need to set up Suricata as explained here - http://www.pevma.blogspot.se/2014/06/http-header-fields-extended-logging.html

**NOTE:** If the traffic you are inspecting contains VLANs, then in order to use the VLAN template make sure you have enabled VLAN tracking in ``suricata.yaml``:

::

  vlan:
    use-for-tracking: true

**NOTE:** For best user experience use with 1680 x 1050 screen resolution!!

Do not hesitate to test, give feedback and contribute!
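
A more conservative variant of the ``.raw`` to ``.keyword`` rewrite from the How to use section, as an added example that is not part of the KTS5 repository: it matches a literal dot, only touches ``.raw`` where it ends a field name, and keeps a ``.bak`` copy of every file it changes. The function names and the sample files are constructed for illustration, and GNU ``sed`` is assumed.

```shell
#!/bin/sh
# Added example, not part of the KTS5 repository.
# Function names and the sample files are constructed for illustration.

# rewrite_raw_fields DIR
# Rewrites ".raw" to ".keyword" only where ".raw" ends a field name
# (literal dot, next character not a letter, digit or underscore).
# Each modified file keeps its original as FILE.bak; the paths of the
# modified files are printed, one per line. Assumes GNU sed (-i).
rewrite_raw_fields() {
    find "$1" -type f ! -name '*.bak' \
        -exec grep -Eq '\.raw([^[:alnum:]_]|$)' {} \; \
        -exec sed -i.bak \
            -e 's/\.raw\([^[:alnum:]_]\)/.keyword\1/g' \
            -e 's/\.raw$/.keyword/' {} \; \
        -print
}

# make_sample DIR
# Writes two constructed files: one with real ".raw" field references,
# one whose text only resembles the suffix ("Withdrawn", "payload.rawdata")
# and must therefore be left alone.
make_sample() {
    printf '%s\n' \
        '{"title":"Withdrawn alerts","field":"src_ip.raw","query":"alert.signature.raw"}' \
        > "$1/sample-dashboard.json"
    printf '%s\n' \
        '{"title":"Withdrawn routes","field":"payload.rawdata"}' \
        > "$1/untouched.json"
}

# Usage: rewrite_raw_fields /path/to/KTS5/dashboards/
```

Running it a second time changes nothing, because the backups are skipped and no ``.raw`` suffixes remain.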