HELK
DetectionLab
Our great sponsors
| HELK | DetectionLab | |
|---|---|---|
| 10 | 31 | |
| 3,659 | 4,476 | |
| - | - | |
| 0.0 | 4.4 | |
| almost 3 years ago | about 1 year ago | |
| Jupyter Notebook | HTML | |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
DetectionLab
- Home Virtual SIEM Lab Suggestions?
-
Work setup
Detection Lab Link: https://github.com/clong/DetectionLab
-
learning splunk. is there a way to "play" with it?
Not sure what your goal with splunk is but I'd recommend Detection lab! Once you get the pre reqs setup, building and tearing down is super easy and you get a pre-baked ad environment to generate logs for you. https://github.com/clong/DetectionLab
-
Tool that automatically generates a realistic office scenario of vms?
I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab
- Active directory scripts for setting a lab?
-
Cybersecurity Repositories
Detection Lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
-
[HELP] :: AD LAB SETUP
I setup automated Chris Longs Detection Lab, to quickly spin up AD environment, AND i took WazeHell's Vulnerable-ad scripts to make the lab vulnerable to all kinds of attacks. Easy and effective lab with a domain controller, 2 servers and a windows 10 client.
-
Just a student who wants to start a carrier in Forensic or pentest
https://github.com/clong/DetectionLab for building your own lab
- Ideas for labs for students (suggestions or help/advice)
What are some alternatives?
DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
pfelk - pfSense/OPNsense + Elastic Stack
Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
DVWA - Damn Vulnerable Web Application (DVWA)
GOAD - game of active directory
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
kubernetes-cluster-setup-using-terraform-and-k3s-on-digitalocean - Demonstration of how you can use set up your Kubernetes cluster on DigitalOcean using Terraform + k3s + Ansible
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
seed-labs - SEED Labs developed in the last 20 years.