HELK
jupyter2kibana
Our great sponsors
HELK | jupyter2kibana | |
---|---|---|
10 | 4 | |
3,659 | 42 | |
- | - | |
0.0 | 0.0 | |
almost 3 years ago | over 1 year ago | |
Jupyter Notebook | Jupyter Notebook | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
jupyter2kibana
-
Outlining the pros and cons of threat hunting labs and threat sim frameworks on a hobbyist budget.
For context, if you didn't read the linked post, our team uses ELK stack as our SIEM, and a few of us wanted to set up a test lab to practice threat hunting on ELK. And we needed to do it on a Hobbyist budget. And we wanted to apply the data-science (inspired by this) strengths of Jupyter to our hunting workflow, since all of us already know Python.
-
Anyone have experience building a Windows AD lab environment in Docker?
Big picture: We want to work out an in-depth ELK workflow and develop some threat hunting automation. I found that a small ELK stack is hosted for a very reasonable price ($0.0263/hr for a small stack w/ 45GB storage as of today). And a CoCalc instance (collaborative cloud-hosted JupyterLab) costs another $6 per month. So between those two low-cost resources we've figured out a pretty neat Python -> Vega -> Kibana workflow to apply some data science and visualization to our threat-hunting workflow (after some trouble).
-
Python (Jupyter) -> Vega -> Kibana?
Here's the example referred to as well as the overarching project which inspired us to try this.
-
Resources
Elastic Eland (Python Elasticsearch client for exploring and analyzing data in Elasticsearch)
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
jupyter-renderers - Renderers and renderer extensions for JupyterLab
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
nbdev - Create delightful software with Jupyter Notebooks
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
fastpages - An easy to use blogging platform, with enhanced support for Jupyter Notebooks.
praeco - Elasticsearch alerting made simple.
PurpleCloud - A little tool to play with Azure Identity - Azure Active Directory lab creation tool
sigma - Main Sigma Rule Repository
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender