ansible-collection-elk
HELK
ansible-collection-elk | HELK | |
---|---|---|
2 | 10 | |
41 | 3,659 | |
- | - | |
7.1 | 0.0 | |
28 days ago | almost 3 years ago | |
Jinja | Jupyter Notebook | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ansible-collection-elk
-
Install and configure the ELK stack with Ansible
git clone https://github.com/garutilorenzo/ansible-collection-elk.git cd nsible-collection-elk/ vagrant up Bringing machine 'elk-ubuntu-0' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-1' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-2' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-3' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-4' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-5' up with 'virtualbox' provider... [...] [...] elk-ubuntu-5: Inserting generated public key within guest... ==> elk-ubuntu-5: Machine booted and ready! ==> elk-ubuntu-5: Checking for guest additions in VM... elk-ubuntu-5: The guest additions on this VM do not match the installed version of elk-ubuntu-5: VirtualBox! In most cases this is fine, but in rare cases it can elk-ubuntu-5: prevent things such as shared folders from working properly. If you see elk-ubuntu-5: shared folder errors, please make sure the guest additions within the elk-ubuntu-5: virtual machine match the version of VirtualBox you have installed on elk-ubuntu-5: your host and reload your VM. elk-ubuntu-5: elk-ubuntu-5: Guest Additions Version: 6.0.0 r127566 elk-ubuntu-5: VirtualBox Version: 6.1 ==> elk-ubuntu-5: Setting hostname... ==> elk-ubuntu-5: Configuring and enabling network interfaces... ==> elk-ubuntu-5: Mounting shared folders... elk-ubuntu-5: /vagrant => C:/Users/Lorenzo Garuti/workspaces/simple-ubuntu ==> elk-ubuntu-5: Running provisioner: shell... elk-ubuntu-5: Running: inline script ==> elk-ubuntu-5: Running provisioner: shell... elk-ubuntu-5: Running: inline script elk-ubuntu-5: hello from node 5
-
Install and configure a high available high available a high available Elasticsearch cluster
This ansible collection will install and configure a high available a high available Elasticsearch cluster.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
- Suggestion for Easy to use and affordable cost SIEM solution
- Build a SOC LAB
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
-
Blue team projects
MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK
What are some alternatives?
o365beat - Elastic Beat for fetching and shipping Office 365 audit events
pfelk - pfSense/OPNsense + Elastic Stack
elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
ansible-elk - :bar_chart: Ansible playbook for setting up an ELK/EFK stack and clients.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
S1EM - This project is a SIEM with SIRP and Threat Intel, all in one.
praeco - Elasticsearch alerting made simple.
ansible-role-elasticsearch - Ansible Role - Elasticsearch
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards