DetectionLabELK
BlueTeam.Lab
DetectionLabELK | BlueTeam.Lab | |
---|---|---|
3 | 2 | |
525 | 125 | |
0.0% | - | |
0.0 | 2.5 | |
over 2 years ago | 11 months ago | |
PowerShell | Jinja | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DetectionLabELK
-
Work setup
Detection Lab ELK: https://github.com/cyberdefenders/DetectionLabELK
-
Good ways to set up a home lab running ELK?
There are some great ready-made ELK-based security distributions: HELK, Security Onion, Wazuh to only name a few (search for "blueteam lab"). Some food for thought: - https://github.com/op7ic/BlueTeam.Lab (AZ) - https://hausec.com/2021/03/04/creating-a-red-blue-team-home-lab/ - https://github.com/aboutsecurity/blueteam_homelabs - https://unicornsec.com/home/siem-home-lab-series-part-1 - https://github.com/cyberdefenders/DetectionLabELK
-
Creating a Homelab for Active Directory and ELK
Coming late, but if you want something like this just by running a command line try https://github.com/cyberdefenders/DetectionLabELK/
BlueTeam.Lab
-
Good ways to set up a home lab running ELK?
There are some great ready-made ELK-based security distributions: HELK, Security Onion, Wazuh to only name a few (search for "blueteam lab"). Some food for thought: - https://github.com/op7ic/BlueTeam.Lab (AZ) - https://hausec.com/2021/03/04/creating-a-red-blue-team-home-lab/ - https://github.com/aboutsecurity/blueteam_homelabs - https://unicornsec.com/home/siem-home-lab-series-part-1 - https://github.com/cyberdefenders/DetectionLabELK
- Blue Team detection lab created with Terraform and Ansible.
What are some alternatives?
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
sysmon-modular - A repository of sysmon configuration modules
UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
the_cyber_plumbers_handbook - Free copy of The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.
packer-plugin-windows-update - Packer plugin for installing Windows updates
red_team_attack_lab - Red Team Attack Lab for TTP testing & research
packer-windoze - Packer templates to create Windows vagrant box images
blueteam_homelabs - Great List of Resources to Build an Enterprise Grade Home Lab