ansible-collection-elk VS HELK

git clone https://github.com/garutilorenzo/ansible-collection-elk.git cd nsible-collection-elk/ vagrant up Bringing machine 'elk-ubuntu-0' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-1' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-2' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-3' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-4' up with 'virtualbox' provider... Bringing machine 'elk-ubuntu-5' up with 'virtualbox' provider... [...] [...] elk-ubuntu-5: Inserting generated public key within guest... ==> elk-ubuntu-5: Machine booted and ready! ==> elk-ubuntu-5: Checking for guest additions in VM... elk-ubuntu-5: The guest additions on this VM do not match the installed version of elk-ubuntu-5: VirtualBox! In most cases this is fine, but in rare cases it can elk-ubuntu-5: prevent things such as shared folders from working properly. If you see elk-ubuntu-5: shared folder errors, please make sure the guest additions within the elk-ubuntu-5: virtual machine match the version of VirtualBox you have installed on elk-ubuntu-5: your host and reload your VM. elk-ubuntu-5: elk-ubuntu-5: Guest Additions Version: 6.0.0 r127566 elk-ubuntu-5: VirtualBox Version: 6.1 ==> elk-ubuntu-5: Setting hostname... ==> elk-ubuntu-5: Configuring and enabling network interfaces... ==> elk-ubuntu-5: Mounting shared folders... elk-ubuntu-5: /vagrant => C:/Users/Lorenzo Garuti/workspaces/simple-ubuntu ==> elk-ubuntu-5: Running provisioner: shell... elk-ubuntu-5: Running: inline script ==> elk-ubuntu-5: Running provisioner: shell... elk-ubuntu-5: Running: inline script elk-ubuntu-5: hello from node 5

This ansible collection will install and configure a high available a high available Elasticsearch cluster.

Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.

So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)

HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK

On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK

You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open

HELK can help for the SIEM and detection part

MISP is a Threat Intelligence Platform (TIP), not a hunting platform. That would be something like HELK