-
Notifications
You must be signed in to change notification settings - Fork 8
/
docker-compose.yml
148 lines (141 loc) · 5 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
---
version: '3'
services:
broker:
image: confluentinc/confluent-local:7.4.0
hostname: broker
container_name: broker
ports:
- "9092:9092"
- "9101:9101"
healthcheck:
test: nc -z localhost 9092 || exit -1
interval: 5s
timeout: 10s
retries: 100
environment:
KAFKA_NODE_ID: 1
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT'
KAFKA_ADVERTISED_LISTENERS: 'PLAINTEXT://broker:29092,PLAINTEXT_HOST://localhost:9092'
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_JMX_PORT: 9101
KAFKA_JMX_HOSTNAME: localhost
KAFKA_PROCESS_ROLES: 'broker,controller'
KAFKA_CONTROLLER_QUORUM_VOTERS: '1@broker:29093'
KAFKA_LISTENERS: 'PLAINTEXT://broker:29092,CONTROLLER://broker:29093,PLAINTEXT_HOST://0.0.0.0:9092'
KAFKA_INTER_BROKER_LISTENER_NAME: 'PLAINTEXT'
KAFKA_CONTROLLER_LISTENER_NAMES: 'CONTROLLER'
KAFKA_LOG_DIRS: '/tmp/kraft-combined-logs'
schema-registry:
image: confluentinc/cp-schema-registry:latest
hostname: schema-registry
container_name: schema-registry
depends_on:
- broker
ports:
- "8081:8081"
environment:
SCHEMA_REGISTRY_HOST_NAME: schema-registry
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: 'broker:29092'
control-center:
image: confluentinc/cp-enterprise-control-center:latest
hostname: control-center
container_name: control-center
user: root
depends_on:
- broker
- schema-registry
ports:
- "9021:9021"
environment:
CONTROL_CENTER_BOOTSTRAP_SERVERS: 'broker:29092'
CONTROL_CENTER_CONNECT_CONNECT-DEFAULT_CLUSTER: 'connect:8083'
# The control center server connects to ksqlDB through the docker network
CONTROL_CENTER_KSQL_KSQLDB1_URL: "http://ksqldb-server:8088"
CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: https://localhost:8088
CONTROL_CENTER_SCHEMA_REGISTRY_URL: "http://schema-registry:8081"
CONTROL_CENTER_REPLICATION_FACTOR: 1
CONTROL_CENTER_INTERNAL_TOPICS_PARTITIONS: 1
CONTROL_CENTER_MODE_ENABLE: "management"
sigma-zeek-dns-streams:
image: streamingblocks/confluent-sigma:1.3.0
container_name: sigma-zeek-dns-streams
depends_on:
- broker
hostname: sigma-zeek-dns-streams
environment:
application_id: 'zeek-dns-rules-streams-app'
bootstrap_servers: 'broker:29092'
schema_registry: 'http://schema-registry:8081'
data_topic: 'dns'
output_topic: 'dns-detection'
field_mapping_file: '/tmp/config/splunk-zeek.yml'
sigma_rules_topic: 'sigma-rules'
sigma_rule_filter_product: 'zeek'
sigma_rule_filter_service: 'dns'
volumes:
- ./sigma:/tmp/config
sigma-splunk-cisco-asa-streams:
image: streamingblocks/confluent-sigma:1.3.0
container_name: sigma-splunk-cisco-asa-streams
depends_on:
- broker
hostname: sigma-splunk-cisco-asa-streams
environment:
application_id: 'splunk-cisco-asa-rules-streams-app'
bootstrap_servers: 'broker:29092'
schema_registry: 'http://schema-registry:8081'
data_topic: 'splunk-s2s-events'
output_topic: 'splunk-cisco-asa-detection'
field_mapping_file: '/tmp/config/splunk-zeek.yml'
sigma_rules_topic: 'sigma-rules'
sigma_rule_filter_product: 'splunk'
sigma_rule_filter_service: 'cisco:asa'
volumes:
- ./sigma:/tmp/config
sigma-streams-ui:
image: streamingblocks/confluent-sigma-ui:1.3.0
container_name: sigma-streams-ui
depends_on:
- broker
hostname: sigma-streams-ui
ports:
- 8080:8080
environment:
bootstrap_servers: 'broker:29092'
schema_registry: 'http://schema-registry:8081'
group_id: 'sigma-streams-ui'
auto_offset.reset: 'latest'
enable.auto.commit: 'true'
max.poll.records: 5000
key_deserializer: 'org.apache.kafka.common.serialization.StringDeserializer'
value_deserializer: 'org.apache.kafka.common.serialization.StringDeserializer'
topic_list: 'dns, dns-detection, splunk-s2s-events, firewalls'
sigma_rules_topic: 'sigma-rules'
generate-dns-data:
image: edenhill/kcat:1.7.1
container_name: generate-dns-data
hostname: generate-dns-data
entrypoint: bin/sh
depends_on:
- broker
volumes:
- ./demo/data:/tmp/data
command:
- -c
- "trap 'exit 0' SIGTERM; while true; do kcat -P -b broker:29092 -t dns -l /tmp/data/dns_demo.txt; usleep 200000; done"
generate-splunk-data:
image: edenhill/kcat:1.7.1
container_name: generate-splunk-data
hostname: generate-splunk-data
entrypoint: bin/sh
depends_on:
- broker
volumes:
- ./demo/data:/tmp/data
command:
- -c
- "trap 'exit 0' SIGTERM; while true; do kcat -P -b broker:29092 -t splunk-s2s-events -l /tmp/data/splunk-s2s-demo.txt; usleep 200000; done"