Overview
The Cybersixgill python script is meant to be executed on a schedule over time.
Depending on the Operating System this could for example be with Cronjobs, Systemd timers or Windows Task Scheduler.
Installation Download the project either using git commands or manually downloading the project code, example below:
git clone https://github.com/elastic/filebeat-cybersixgill-integration
Install any python dependencies (this could be either using the pip
or pip3
command, depending on which python version is default):
pip3 install -r requirements.txt
Configure the script by filling out the configuration part at the top of cybersixgill.py
:
##Cybersixgill Configuration##
# The ClientID used to authenticate with Cybersixgill
client_id = ""
# The Client Secret used to authenticate with Cybersixgill.
client_secret = ""
##Elastic Agent Configuration##
# The URL (hostname or IP address) in which the Elastic Agent configured to listen on. Including if its http/https.
url = "http://localhost"
# The port in which the Elastic Agent is configured to use.
port = 8181
# The username and password used when configuring the Elastic Agent.
username = ""
password = ""
Schedule the execution of the script with for example Systemd timers, depending on your architecture and operating system:
$sudo nano/etc/systemd/system/cybersixgill.service
Example unit file:
[Unit]
Description=Cybersixgill Python Script
[Service]
ExecStart=/bin/python /path/to/cybersixgill.py
Add timer file:
$sudo nano /etc/systemd/system/cybersxigill.timer
Example timer file:
[Unit]
Description=Run Cybersixgill Python Script every 15 minutes
[Timer]
OnBootSec=15min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target
Enable the timer:
$sudo systemctl enable cybersixgill.timer
$sudo systemctl start cybersixgill.timer