Our great sponsors
HELK | pfelk | |
---|---|---|
10 | 23 | |
3,659 | 980 | |
- | 1.5% | |
0.0 | 9.1 | |
almost 3 years ago | 11 days ago | |
Jupyter Notebook | Shell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
pfelk
-
Best way to use my SFF PCs
I understood that OPNsense runs fine with 8GB RAM and a relatively weak CPU, but then I saw this, which provides extended search and visualisation features to help you use the data created by OPNsense, and it recommends 32GB. pfelk/pfelk: pfSense/OPNsense + Elastic Stack (github.com)
-
pfELK won't receive syslog data on port 5140
I've carefully followed the manual Ubuntu setup of pfelk from https://github.com/pfelk/pfelk/tree/main, the instructions are pretty good. I did everything manually except for the dashboards, used the handy script. I've also configured syslog to remote log everything to it, plus unbound data.
- SIEM or Dashboards
- Logs to LogStash then to Sentinel. Parsing problem.
-
i'm looking for an PFsense app that i Can use it with splunk, i find only one but it miss Many options
I've been using pfElk. You could probably use some of the parsers from there to parse things yourself in Splunk.
-
My growing homelab, CS student in Germany
On the left is a Kibana dashboard, showing information from the firewall (blocks/passes, connection type, etc). I use pfelk and customised the dashboard and the indexing a bit to suit my needs.
- PfSense Guide for Viewing Traffic History?
-
Running a private mail server for six years, easy peasy
> So many chinese and russians IPs...
And Korean, and Dutch, I recall significant from Central America.
For anyone interested in what Geo's appear to be attacking you, and is a noob like me: https://github.com/pfelk/pfelk is really cool.
- How to best visualize Suricata alerts in pfsense
What are some alternatives?
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
pfSense-Dashboard - A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf
praeco - Elasticsearch alerting made simple.
docker-compose-macvlan - Docker-compose macvlan example - container using different IP address than host.
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
fast-geoip - A faster & low-memory replacement for geoip-lite, a node library that maps IPs to geographical information
sigma - Main Sigma Rule Repository
securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.