this post was submitted on 30 Nov 2023
4 points (100.0% liked)
Self-Hosted Main
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
I don’t know how exotic hosting a SIEM and EDR (Elastic Security) solution for self-hosting is, but I do that. Complete with custom alerts and all. Additionally I use Wazuh for vulnerability management and integrity monitoring on my assets. Also I run a SOAR-like script that enriches my alerts with other SIEM and external Threat Intel data.
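As an added illustration of what a "SOAR-like enrichment script" can look like (this is example code, not the commenter's script): each SIEM alert is matched against a local threat-intel indicator list, given a count of other alerts from the same source already in the SIEM, and assigned a priority. The alerts, the indicator list and the field names are constructed here; the IPs are documentation ranges, not real indicators.

```python
"""Minimal SOAR-style alert enrichment (added example, constructed data)."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed threat-intel indicators (RFC 5737 documentation ranges, not real IoCs).
THREAT_INTEL = {
    "198.51.100.0/24": {"source": "example-feed", "tag": "scanner"},
    "203.0.113.7/32": {"source": "example-feed", "tag": "c2"},
}

# Constructed alerts, using Elastic-style dotted field names.
ALERTS = [
    {"rule": "too_many_failed_logins", "source.ip": "203.0.113.7", "host.name": "vpn01"},
    {"rule": "network_recon", "source.ip": "203.0.113.7", "host.name": "fw01"},
    {"rule": "user_account_created", "source.ip": "192.0.2.10", "host.name": "dc01"},
    {"rule": "unusual_geoip", "source.ip": "198.51.100.44", "host.name": "vpn01"},
]


def lookup_indicator(ip, intel=THREAT_INTEL):
    """Return the indicator record whose network contains `ip`, or None."""
    addr = ip_address(ip)
    for cidr, record in intel.items():
        if addr in ip_network(cidr):
            return {"indicator": cidr, **record}
    return None


def enrich(alerts, intel=THREAT_INTEL):
    """Attach TI context and cross-alert context to each alert, then prioritise.

    Priority logic (hypothetical, chosen for the example):
      high   - source matches a 'c2' indicator
      medium - source matches any other indicator, or has other alerts in the SIEM
      low    - nothing else known about the source
    """
    per_source = Counter(a["source.ip"] for a in alerts)
    enriched = []
    for alert in alerts:
        ti = lookup_indicator(alert["source.ip"], intel)
        related = per_source[alert["source.ip"]] - 1  # other alerts from same source
        if ti and ti["tag"] == "c2":
            priority = "high"
        elif ti or related > 0:
            priority = "medium"
        else:
            priority = "low"
        enriched.append({**alert, "threat_intel": ti,
                         "related_alerts": related, "priority": priority})
    return enriched


if __name__ == "__main__":
    for a in enrich(ALERTS):
        print(a["priority"], a["rule"], a["source.ip"], a["threat_intel"])
```

In a real deployment the indicator list would come from a feed and the "related alerts" count from a query against the SIEM index; the structure of the step stays the same.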
Is Elastic Security free? I have Graylog but the security functionality is not included in the free edition.
Also, if you don’t mind, what triggers did you implement?
It’s completely free, even the EDR and Threat Intel functionality. It blows my mind too. The only things that are not free are things like machine learning detection, ransomware and cloud (k8) protection and other enterprise stuff like SSO. Besides the prebuilt elastic rules (https://github.com/elastic/detection-rules) I implemented about 50 custom rules for stuff like too many failed logins, unusual traffic flow (you can also send flows from your FW to Elastic), user account creation, network reconnaissance, unusual geo-ip location etc.
The stack is based on the "pfELK" docker compose file (meaning it integrates automatically with Pfsense/OPNsense logs) that I further modified to automatically include the fleet server and threat intel agent and stuff: https://github.com/maof97/pfelk-docker
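Two of the custom rule types the comment lists, "too many failed logins" and "unusual geo-ip location", expressed as plain detection logic over sample events (added example, not one of the commenter's Elastic rules). The events, the baseline of known countries per user, and the threshold/window values are constructed for the example.

```python
"""Threshold and baseline-deviation detections over constructed auth events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events (Elastic-style field names, ISO timestamps).
EVENTS = [
    {"ts": "2023-11-30T10:00:00", "user": "alice", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:00:20", "user": "alice", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:00:40", "user": "root", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:01:00", "user": "admin", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:01:20", "user": "alice", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:01:40", "user": "bob", "source.ip": "203.0.113.7", "geo.country": "RU", "outcome": "failure"},
    {"ts": "2023-11-30T10:03:00", "user": "bob", "source.ip": "192.0.2.10", "geo.country": "DE", "outcome": "failure"},
    {"ts": "2023-11-30T10:03:30", "user": "bob", "source.ip": "192.0.2.10", "geo.country": "DE", "outcome": "success"},
    {"ts": "2023-11-30T10:05:00", "user": "alice", "source.ip": "198.51.100.44", "geo.country": "BR", "outcome": "success"},
]

# Constructed baseline: countries each user has previously logged in from.
BASELINE = {"alice": {"DE"}, "bob": {"DE"}}


def _parse(e):
    return datetime.fromisoformat(e["ts"])


def too_many_failed_logins(events, threshold=5, window=timedelta(minutes=5)):
    """Alert once per source IP when `threshold` failures fall within `window`.

    A sliding window per source drops failures older than `window`, so slow,
    spread-out failures do not accumulate into an alert.
    """
    recent = defaultdict(deque)
    fired = set()
    alerts = []
    for e in sorted(events, key=_parse):
        if e["outcome"] != "failure":
            continue
        now = _parse(e)
        q = recent[e["source.ip"]]
        q.append(now)
        while q and now - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["source.ip"] not in fired:
            fired.add(e["source.ip"])
            alerts.append({"rule": "too_many_failed_logins",
                           "source.ip": e["source.ip"], "count": len(q), "ts": e["ts"]})
    return alerts


def unusual_geo_login(events, baseline=BASELINE):
    """Alert on a successful login from a country not in the user's baseline."""
    alerts = []
    for e in events:
        if e["outcome"] != "success":
            continue
        if e["geo.country"] not in baseline.get(e["user"], set()):
            alerts.append({"rule": "unusual_geoip", "user": e["user"],
                           "geo.country": e["geo.country"], "source.ip": e["source.ip"]})
    return alerts


if __name__ == "__main__":
    for a in too_many_failed_logins(EVENTS) + unusual_geo_login(EVENTS):
        print(a)
```

The same two conditions map naturally onto a threshold rule and a "new terms"-style rule in a SIEM; writing them out in code makes the window, the once-per-source suppression and the per-user baseline explicit, which are the parts that usually need tuning.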
This is great, I've been running Security Onion for a while but looking to change it up. Right now all I can find is Elastic Security's cloud trial, can you point me to where to grab it?