| | PurpleCloud | OpenSIEM-Logstash-Parsing |
|---|---|---|
| | 1 | 2 |
| Stars | 474 | 174 |
| Growth | - | 0.0% |
| Activity | 5.5 | 8.6 |
| | 2 months ago | 23 days ago |
| Language | Python | Python |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PurpleCloud
- Anyone have experience building a Windows AD lab environment in Docker?
We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
OpenSIEM-Logstash-Parsing
- The Cargill SIEM team has published this new project with a collection of logstash parser configs developed in house for multiple technologies. Logstash parsers are usually scattered around in gists and repos but this is a very comprehensive library in a single project!
- Logstash parsers for +100 technologies
What are some alternatives?
invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
sigma - Main Sigma Rule Repository
ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
sexilog - SexiLog is a specific ELK virtual appliance designed for vSphere environment
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
tull - log teleporter
hashlookup-forensic-analyser - Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
sqlog - Ingest Nginx logs into a SQLite database for easy querying
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.