docker-elk
HELK
Our great sponsors
docker-elk | HELK | |
---|---|---|
11 | 10 | |
16,456 | 3,659 | |
- | - | |
7.6 | 0.0 | |
about 1 month ago | almost 3 years ago | |
Shell | Jupyter Notebook | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-elk
-
Have an interview that the only thing I’m not familiar with is elastisearch
Here's a quick way to get your hands into an elasticstack using docker-compose: https://github.com/deviantony/docker-elk
-
Logwatch alternative?
I did end up kinda Frankensteining this project and docker-elk. Basically took out the entire etc/pfelk directory from pfelk project and added the pipelines/dashboard/groks etc to docker-elk. This works really will for me since I have several other devices that aren’t OPNSense that I wanted ingested to ELK.
HELK
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.
-
where to start learning about cyber defense for beginners
So you can actual do both defensive while practicing offensive. If you can set up a lab system with an attacker, for ease using kali, and defensive systems like a single windows box, or you can go balls to the wall if you have the resources and set up an AD environment and then ship all the logs to a SIEM system like Splunk or HELK (https://github.com/Cyb3rWard0g/HELK). Building off the environment you can also include Mordor (https://github.com/UraSecTeam/mordor)
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
imdb-trakt-sync - Sync IMDb to Trakt
praeco - Elasticsearch alerting made simple.
ansible-unifi
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
LedFxDocker - A Docker Container for LedFx.
drawio-export - Export Draw.io diagrams using docker
annepro2-qmk-docker - Docker image for compiling and flashing OpenAnnePro firmware.
ethereum2-docker-compose - Run different kind of Ethereum 2 staking nodes with monitoring tools and own Ethereum 1 node out of the box!