OpenSIEM-Logstash-Parsing
PurpleCloud
| | OpenSIEM-Logstash-Parsing | PurpleCloud |
|---|---|---|
| | 2 | 1 |
| Stars | 174 | 474 |
| Growth | 0.0% | - |
| Activity | 8.6 | 5.5 |
| | 24 days ago | 2 months ago |
| Language | Python | Python |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenSIEM-Logstash-Parsing
- The Cargill SIEM team has published this new project with a collection of Logstash parser configs developed in-house for multiple technologies. Logstash parsers are usually scattered around in gists and repos, but this is a very comprehensive library in a single project!
- Logstash parsers for +100 technologies
PurpleCloud
- Anyone have experience building a Windows AD lab environment in Docker?
We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
What are some alternatives?
sigma - Main Sigma Rule Repository
invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
sexilog - SexiLog is a specific ELK virtual appliance designed for vSphere environment
ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
tull - log teleporter
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
sqlog - Ingest Nginx logs into a SQLite database for easy querying
hashlookup-forensic-analyser - Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.