I’ve been tasked with implementing a monitoring system for our network and, after much discussion among our IT department (for a medical group handling over 500 devices), we decided to give Rock a try after a high recommendation from a few professors at the local university. We (the 3 of us who make up our department) are all somewhat familiar with the tools that are available on Rock. However, we have never gone through and actually implemented any of the tools from scratch.
Just an idea of what we’re working with and what the end goal is:
We’ve set up RockNSM on a virtual machine (VMware vSphere). After several attempts and failures, we were finally able to successfully get it to install with the latest release, 2.5.0-2002.
We successfully joined it to the Windows domain, and running a packet capture shows us traffic from different locations on the domain (using sudo tcpdump -c 20 -i ens224).
Our end goal is to be able to see logs for suspicious traffic, RDP connections, Windows failed login attempts, and auditing file access.
The part we’re stuck at is getting anything to load and visualize within Kibana.
We can successfully sign in to Kibana (from the local host and other network devices) but nothing is loading from any of the tools.
We are looking to keep it locally hosted instead of loading it to the cloud.
Additionally, if we try to establish an SMB connection from the Windows network to and from the Rock server, it fails to authenticate (not sure if that would play a role in the visualization issue).
Is there a .yml file that we are just not configuring to be able to see and start recording logs to visualize?
Any tips would be greatly appreciated!
Thanks in advance!
VictorQ and the Genesis IT Team.