version: "3.8"
services:
  suricata:
    image: jasonish/suricata:6.0.3
    restart: unless-stopped
    networks:
      - suricatanet
    volumes:
      - surilogs:/var/log/suricata
      - surirules:/var/lib/suricata
      - suriconf:/etc/suricata
    cap_drop:
      - ALL
    cap_add:
      - net_admin
      - sys_nice
    environment:
      - SURICATA_OPTIONS=-i eth0 -vvv
    network_mode: "host"
  evebox:
    image: jasonish/evebox:0.14.0
  elasticsearch:
    image: elasticsearch:7.10.1
    volumes:
      - elk-data:/usr/share/elasticsearch/data
    networks:
      - notifnet
      - lognet
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      - ES_JAVA_OPTS=-Xms256m -Xmx256m
      - discovery.type=single-node
      - xpack.monitoring.enabled=true
      - xpack.watcher.enabled=true
  logstash:
    image: logstash:7.10.1
    networks:
      - lognet
    depends_on:
      - elasticsearch
    environment:
      - MONITORING_ENABLED=true
      - LS_JAVA_OPTS=-Xms256m -Xmx256m
    ports:
      - "5000:5000"
  kibana:
    image: kibana:7.10.1
    environment:
      - ELASTICSEARCH_URL=http://elastic:9200
    networks:
      - lognet
    ports:
      - "5102:5601"
    depends_on:
      - elasticsearch
networks:
  suricatanet:
  lognet:
volumes:
  surilogs:
  surirules:
  suriconf: