HELK
ElastiFlow
Our great sponsors
HELK | ElastiFlow | |
---|---|---|
10 | 31 | |
3,659 | 2,311 | |
- | - | |
0.0 | 4.1 | |
almost 3 years ago | over 2 years ago | |
Jupyter Notebook | Shell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
ElastiFlow
- NETFLOW .. NTOPNG how to ?
- Seaching for How To install Elastiflow
-
Into my 6th year of this ... hobby?
As a matter of fact, I played with the now deprecated Elastiflow, however I couldn't get my head around managing ELK, scrapped it pretty quickly, and Netflow did not reach the meaningful stage at that time. OpenNMS looks pretty massive that I can't run it at the moment. Thanks for suggestion though.
-
Threat detection
One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.
- Linux Network Traffic Monitor
-
Monitoring all inter-VLAN traffic on 9410 switch?
I'd recommend taking a look at Elastiflow (link is to the legacy version, I haven't used the pay structured tier version that replaced it) as a flow collector. Do it in a docker container, dump netflow to it, and use a sample rate that doesn't fill your collector box with flow packets after a single day. Depends on your traffic rates. We use 1 out of 250 for our rate.
-
Netflow bit rate and Interface Bit Rate
https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52
- Network Traffic visualization
- ElastiFlow help
-
Installation help, almost there.
Where as the newer version is (https://github.com/robcowart/elastiflow/) is called:
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
ntopng - Web-based Traffic and Security Network Traffic Monitoring
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
LibreNMS - Community-based GPL-licensed network monitoring system
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Netdata - The open-source observability platform everyone needs
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
loki - Like Prometheus, but for logs.
praeco - Elasticsearch alerting made simple.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.