Introduction

To dive into attack research and build a database of potential attackers, I thought it’d be a great idea to set up my own infrastructure for analyzing security events.

Tech Stack:

Virtualization:

• Proxmox (I’m not concerned about VM stability here)

Container Platform:

• Kubernetes

Analytics Platform:

• Dataiku
• n8n
• MinIO (works perfectly as a temporary storage solution, so scaling isn’t a priority)

Cloud Providers:

• Yandex Cloud
• VK Cloud
• Hetzner Cloud
• OVH
• Various VPS providers

Networking:

• pfSense
• Nebula

REST API:

• FastAPI
• Yandex Query

Schema

See also

• Applying RAG for Working with Wazuh Documentation: A Step-by-Step Guide (Part 2)
• Applying RAG for Wazuh Documentation: A Step-by-Step Guide (Part 1)
• Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 4)
• Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 3)
• Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 2)