Hydra

Photo posted by chris on Oct 13, 2016


Hydra is the server SIEMonster uses to collect logs at the site of a customer who requires SIEM as a Service. Instead of all of the customer’s endpoints sending logs directly into the Amazon VPC tunnel, Hydra collects all the logs, ensures correct queuing and, in the event of a cloud outage, stores the SIEM logs until the cloud comes back online. Hydra then passes the SIEM events into Amazon AWS to Proteus/Capricorn and Kraken/Tiamat.

Sea Monster Name Origins

Hydra or Hydra of Lerna, more often known simply as the Hydra, was a serpentine water monster in Greek and Roman mythology. Its lair was the lake of Lerna in the Argolid, which was also the site of the myth of the Danaids. Lerna was reputed to be an entrance to the Underworld, and archaeology has established it as a sacred site older than Mycenaean Argos. In the canonical Hydra myth, the monster is killed by Heracles, using sword and fire, as the second of his Twelve Labors. According to Hesiod, the Hydra was the offspring of Typhon and Echidna. It possessed many heads, the exact number of which varies by source. Later versions of the Hydra story add a regeneration feature to the monster: for every head chopped off, the Hydra would regrow one or multiple heads. The Hydra had poisonous breath and blood so virulent that even its scent was deadly.

Software Overview Function Table

| Hydra | Function |
|---|---|
| Logstash | Log retrieval, processing |
| RabbitMQ | Message queuing |
| OpenVPN | OpenVPN client software |

Software Detail Function Table

| Software | Function |
|---|---|
| Logstash | Logstash takes logs and other time-based event data from any system and stores them in a single place for additional transformation and processing. Logstash scrubs the logs and parses all data sources into an easy-to-read JSON format. |
| RabbitMQ | RabbitMQ is used as a buffer and funnel: data flows in quickly from thousands of endpoint sources, and RabbitMQ holds and stores it and passes it into the SIEM at an orderly rate. |
| OpenVPN | OpenVPN client software to allow encrypted traffic between datacentres or AWS/Azure infrastructure where Direct Connect is not in place. |
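
An added example, not SIEMonster's own configuration, showing how the Logstash and RabbitMQ roles above can be wired so that logs stay on the collector's disk while the cloud side is unreachable. The Beats input, the port, the exchange, queue and host names, the environment variable names and the Elasticsearch output are all assumptions.

```logstash
# ---- File 1: collector pipeline on Hydra (constructed example) ----
input {
  beats { port => 5044 }               # assumed: endpoints ship logs with Beats
}
output {
  rabbitmq {
    host          => "127.0.0.1"       # local broker on the collector
    exchange      => "siem"            # assumed exchange name
    exchange_type => "direct"
    key           => "logs"            # assumed routing key
    durable       => true              # exchange survives a broker restart
    persistent    => true              # messages are written to disk, not only RAM
    user          => "${RMQ_USER}"     # resolved from the environment or keystore,
    password      => "${RMQ_PASS}"     # so no account password sits in this file
  }
}

# ---- File 2: consumer pipeline, assumed to run on the cloud side of the VPN ----
input {
  rabbitmq {
    host           => "hydra.example.internal"  # placeholder name for the collector
    queue          => "siem-logs"               # assumed queue name
    exchange       => "siem"                    # bind the queue to the collector's exchange
    key            => "logs"
    durable        => true                      # queue definition survives a broker restart
    ack            => true                      # a message leaves the queue only once acknowledged
    prefetch_count => 256                       # cap on unacknowledged messages in flight
    user           => "${RMQ_USER}"
    password       => "${RMQ_PASS}"
  }
}
output {
  # Assumed destination; the page does not name the SIEM's data store.
  elasticsearch { hosts => ["http://localhost:9200"] }
}
```

While the consumer is disconnected, published events accumulate in the durable queue on the collector's disk and drain once it reconnects. The queue has to exist and be bound to the exchange before the first outage, because an exchange discards messages that match no queue.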

 

 

 

Default IP addresses and Passwords

| Server Name | IP Address | Subnet | Gateway |
|---|---|---|---|
| Hydra | 192.168.0.105 | 255.255.255.0 | 192.168.0.1 |

| Host | User | Password | Access |
|---|---|---|---|
| 192.168.0.105 | siemonster | siemonster | SSH/Local Access |
