HELK | mordor | |
---|---|---|
10 | 6 | |
3,659 | 1,548 | |
- | 0.7% | |
0.0 | 5.6 | |
almost 3 years ago | about 1 month ago | |
Jupyter Notebook | PowerShell | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
mordor
- SOC with machine learning
-
What tooling/scripts/capability would your Blueteam benefit from? Add your wish to the comments 👇🏿 and it might come true..
https://github.com/OTRF/Security-Datasets -> Any table in sentinel
- Dummy security logs to practice with team?
-
Cybersecurity bootcamp
Cloud resources (like Simuland: https://github.com/Azure/SimuLand ) might let you spin up your environment without at-home resources, but you can also learn about what attacks look like and how they work in defenses using something like the OTRF project: https://github.com/OTRF/Security-Datasets
-
Simplest path to ECS-formatted winlogbeat style json file import
To get started as easily as possible we’re looking to use data from the security datasets (formerly Mordor) project https://github.com/OTRF/Security-Datasets and converting some of this data to winlogbeat/ECS using this tool: https://github.com/barvhaim/mordor2ecs
-
How to grt better/ homelab help
Exactly! Either inline, or mirror your traffic via SPAN - assuming quite a lot of phones, tablets and other gear you‘ll definitely start spotting some not-so-hot traffic quite soon. In case you can arrange for a public IP at home, start tapping in and profile your visitors. In case you deem your homenet too boring - as mentioned - Mordor - hit your Onion with actual malicious traffic: https://github.com/OTRF/mordor
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
ecs-mapper - Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
loglizer - A machine learning toolkit for log-based anomaly detection [ISSRE'16]
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
mordor2ecs - Windows log to ECS format for Mordor large dataset
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
praeco - Elasticsearch alerting made simple.
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
sigma - Main Sigma Rule Repository
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
go-stash - go-stash is a high performance, free and open source server-side data processing pipeline that ingests data from Kafka, processes it, and then sends it to ElasticSearch.