A CentOS 7/8 server is recommended for installing Nybble, as the installation script and recommended settings have been made for CentOS:
Install a CentOS 7/8 server and follow the Prerequisites guide.
Get Nybble installed by following the installation guide for CentOS 7/8.
Nybble uses Kafka to consume security events. Get Kafka installed and configured by following these guides:
Processed events and alerts are sent to Elasticsearch for indexing. Once events have been indexed, Kibana is used for visualization and investigation.
Get Elasticsearch installed and configured by following these guides:
Once Kafka and Elasticsearch are up and running, Nybble can be configured:
Then Sigma rules can be pushed to the rules folder and field mapping can be done:
Send JSON-formatted events to Kafka:
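As an added example for this last step (not code from the Nybble project), a small script that writes a constructed sample event file, checks that every line is one complete JSON object, and only then produces the file to Kafka. The broker address, topic name and Kafka install path are assumptions; one JSON object per line is assumed because kafka-console-producer.sh sends each line as a separate message.

```shell
#!/bin/sh
# Added example, not part of the Nybble documentation. Assumed values:
BROKER="${BROKER:-localhost:9092}"       # assumption: local Kafka broker
TOPIC="${TOPIC:-nybble-events}"          # assumption: topic Nybble consumes from
KAFKA_BIN="${KAFKA_BIN:-/opt/kafka/bin}" # assumption: Kafka install path

# Constructed sample events: one JSON object per line, i.e. one Kafka message each.
write_sample_events() {
    cat > "$1" <<'EOF'
{"@timestamp":"2024-01-01T12:00:00Z","host":"web01","EventID":4688,"Image":"C:\\Windows\\System32\\notepad.exe","User":"alice"}
{"@timestamp":"2024-01-01T12:00:01Z","host":"web01","EventID":4624,"LogonType":10,"User":"alice"}
EOF
}

# Check that every non-empty line parses as a single JSON object before producing;
# a pretty-printed (multi-line) or malformed object would reach Nybble as broken
# messages. Returns 0 if all lines pass, 1 otherwise, naming the offending line.
validate_events() {
    python3 - "$1" <<'EOF'
import json, sys
ok = True
with open(sys.argv[1]) as fh:
    for n, line in enumerate(fh, 1):
        line = line.strip()
        if not line:
            continue
        try:
            if not isinstance(json.loads(line), dict):
                raise ValueError("not a JSON object")
        except ValueError as exc:  # JSONDecodeError is a ValueError
            print(f"line {n}: {exc}", file=sys.stderr)
            ok = False
sys.exit(0 if ok else 1)
EOF
}

# Produce the validated file to Kafka, one message per line.
send_events() {
    validate_events "$1" || return 1
    "$KAFKA_BIN/kafka-console-producer.sh" \
        --bootstrap-server "$BROKER" --topic "$TOPIC" < "$1"
}
```

Run it as `write_sample_events events.json && send_events events.json` once Kafka is reachable at `$BROKER`.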