HELK
docker-elk
HELK | docker-elk
---|---
10 | 11
3,659 | 16,553
- | -
0.0 | 7.6
almost 3 years ago | 6 days ago
Jupyter Notebook | Shell
GNU General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that API and Jupyter notebooks is exactly why Hunting Elk is the way it is, from my understanding.
-
where to start learning about cyber defense for beginners
So you can actually do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using Kali, and defensive systems like a single Windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
docker-elk
-
Can't use ELK with Docker Compose
Hello everyone! I am trying to get started with ELK and I am facing a very frustrating situation. I am trying to use the stack with Docker Compose. I have tried 2 versions: https://github.com/deviantony/docker-elk and also https://www.elastic.co/blog/getting-started-with-the-elastic-stack-and-docker-compose but they both have the same problem. I inspected the Docker container logs and I get some weird errors:
-
Having difficulty setting up basic syslog reception on elk cluster.
The waters are further muddied since I started out trying to spin up a docker instance https://github.com/deviantony/docker-elk but I found the config for docker is set up with a different layout, for example with logstash there is no conf.d directory, and pipelines are laid out differently, making it more challenging to use web examples. Overall I've tried many config examples and all have failed.
-
Stacks issue
This is the GitHub project container I'm trying to create a stack with: https://github.com/deviantony/docker-elk
- FWG/FWP logs
-
Have an interview that the only thing I’m not familiar with is Elasticsearch
Here's a quick way to get your hands into an elasticstack using docker-compose: https://github.com/deviantony/docker-elk
-
Why does logstash keep adding event data to the ingested logs?
Essentially I've got 2 sets of standard JSON files that I'm trying to ingest into a dockerized ELK stack. The first set was downloaded Cloudflare logs, standard line-separated JSON data, tried to use Filebeat to ingest and it kept prefixing the JSON data with some dumb ECS event data, basically exactly what this post describes if it's easier to see in pics. All of the Cloudflare data was nested within the event.original field and would not get mapped. But once I tried to use just Logstash directly, it was fine and mapped correctly and no more event data.
-
problem into logstash data ingestion
I use ELK in Docker, using the docker-elk compose; the Logstash logs show that it is receiving the logs:
-
I have OSSEC installed and I want software to monitor the logs. I am not sure the best way to do this. [homelab]
It depends on what you want to get out of visualizing your logs. I use the combination of Elastic + Logstash + Kibana (ELK Stack) on docker to visualize things like
- Thanks for all YOUR help, WiFi is finally working flawlessly in our full stack Fortinet network.
-
Logwatch alternative?
I did end up kinda Frankensteining this project and docker-elk. Basically took out the entire etc/pfelk directory from pfelk project and added the pipelines/dashboard/groks etc to docker-elk. This works really well for me since I have several other devices that aren’t OPNSense that I wanted ingested to ELK.
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
imdb-trakt-sync - Sync IMDb to Trakt
praeco - Elasticsearch alerting made simple.
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
ansible-unifi
sigma - Main Sigma Rule Repository
drawio-export - Export Draw.io diagrams using docker