Photo posted by chris on Oct 13, 2016

Proteus server

Proteus function in SIEMonster is to queue, filter and process incoming endpoint data, apply rulesets and send the data to both Capricorn for instant alerting and Kraken/Tiamat for long term database storage. Proteus providers cluster health monitoring for Kraken/Tiamat. Proteus has Open Source threat intelligence OSINT installed using Minemeld.  Proteus also provides OSSEC Wazuh fork Host Intrusion Detection (HIDS)


In the 4-node instance Proteus is the master node running Elasticsearch non-data.

In the 2-node instance Proteus is the master node running Elasticsearch with data


Name Origins


In Greek mythology, Proteus is an early sea-god or god of rivers and oceanic bodies of water. Some describe him a specific domain call him the god of "elusive sea change", which suggests the constantly changing nature of the sea or the liquid quality of water in general. He can foretell the future, but, in familiar to several cultures, will change his shape to avoid having to; he will answer only to someone who can capture the beast. From this feature of Proteus comes the adjective protean, with the general meaning of "versatile", "mutable", "capable of assuming many forms". "Protean" has positive connotations of flexibility, versatility and adaptability.


Software Overview Function Table





Log retrieval, processing


Messaging queuing

OSSEC Wazuh Fork

 Rulesets, PCIDSS, CIS benchmarks, Forensic analysis

Elastic Search

Open source, distributed, real-time search and analytics engine


Elastic Security




Software Detailed Function Table





Logstash helps to take logs and other time based event data from any system and stores it in a single place for additional transformation and processing. Logstash will scrub the logs and parse all data sources into an easy to read JSON format.


RabbitMQ is used as buffer funnel header that allows data flowing in from 1000’s of endpoint sources quickly and orderly and holds, stores and flows into the SIEM in an orderly rate.


OSSEC Wazuh integration with ELK Stack comes with out-of-the-box dashboards for PCI DSS compliance and CIS benchmark. You can do forensic and historical analysis of the alerts and store your data for several years, in a reliable and scalable platform

Elastic Search

Elastic Search is running on Proteus. In a 2 node instance its running as a Data node. In a 4 node instance the Data node resides on Kraken/Tiamat not on Proteus.


SearchGuard is an Elasticsearch plugin that offers encryption, authentication and authorization. It builds on Search Guard SSL and provides plugable auth/auth modules in addition. Search Guard is an alternative to ES Shield, and offers all basic security features for free. If you need enterprise features, we offer a very flexible licensing model and support. Tailored to your needs if none of our packages fit.


Default IP addresses and Passwords


Server Name

IP Address











SSH/Local Access


Proteus and End User agents


Proteus receives logs from all Windows, Linux, Application and hardware providing syslog’s. Agents provide TLS/SSL encryption using purchased certificates or in-house self-signed or propriety certs included in the OVA image. By using this encryption and other methods there is no need for the Elastic Shield product which means support is free.

  • Preconfigured Nxlog agents with SSL certificates is used for Windows hosts is used for log collecting and sending to Proteus
  • Preconfigured Filebeat agents with SSL certificates is used on Linux hosts for log collecting and sending to Proteus
  • Hosts that don’t support an agent such as Network appliances can be configured to send all alerts SYSLOGS (0,1,2,3,4+) Port 514/1514 TCP/UDP to Proteus which has Syslog-ng installed to collect these logs

Photo Details

  • File size
  • 317.3 KB
  • Photo size
  • 1500x1200