HELK/README.md

# HELK [Beta]
The incredible HELK (Hunting, Elasticsearch, Logstash, Kibana) VM.

# Goals
* Provide a free hunting platform to the community and share the basics of Threat Hunting.
* Make sense of a large amount of event logs and add more context to suspicious events during hunting.
* Expedite the time it takes to deploy an ELK stack.
* Improve the testing of hunting use cases in an easier and more affordable way. 

# Resources
* [Setting up a Pentesting.. I mean, a Threat Hunting Lab - Part 5](https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html)
* [Elastic Producs](https://www.elastic.co/products)
* [docker-elk](https://github.com/deviantony/docker-elk)

# Getting Started

## Requirements
* OS: Ubuntu-16.04.2 Server amd64 (Tested)
* Network Connection: NAT or Bridge
* RAM: 4GB (minimum)
* Applications:
	* Docker & Docker-compose (Needed for HELK Docker Installation ONLY)

### Installing Docker & Docker-compose
If you decide to build,(re)create, start and attach the specific containters needed for the HELK services (Elasticsearch, Logstash & Kibana), you will have to install Docker and Docker-compose first.

```
git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK/scripts
sudo ./helk_docker_install.sh
```
 
## HELK Installation
The HELK can be installed via a bash script or a docker-compose file. After installing the HELK, browse to your HELK (host) IP address and log on with username:helk & password:hunting.

### Bash Script
```
sudo git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK/scripts
sudo ./helk_install.sh
```

### Docker-compose
```
sudo git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK
sudo docker-compose up
```

# Author
* Roberto Rodriguez [@Cyb3rWard0g](https://twitter.com/Cyb3rWard0g)

# Contributors

# Contributing
There are a few things that I would like to accomplish with the HELK as shown in the To-Do list below, but I would also woult love to make the HELK a stable build for everyone in the community. If you are interested on making this build a more robust one and adding some cool features to it, PLEASE feel free to submit a pull request. #SharingIsCaring 

# TO-Do
- [X] Integrate NGINX in the Docker image
- [ ] Upload Kibana Dashboards
- [ ] Add Winlogbeat scripts & files
- [ ] Add/Ingest samples logs to the HELK
- [ ] Install Elastalert
- [ ] Create Elastalert rules

More coming soon...
Update README.md 2017-05-26 06:11:09 +00:00			`# HELK [Beta]`
update README instructions & elasticsearch config 2017-06-07 01:40:53 +00:00			`The incredible HELK (Hunting, Elasticsearch, Logstash, Kibana) VM.`
Update README.md 2017-04-14 05:29:04 +00:00
Update README.md 2017-06-29 15:21:59 +00:00			`# Goals`
			`* Provide a free hunting platform to the community and share the basics of Threat Hunting.`
			`* Make sense of a large amount of event logs and add more context to suspicious events during hunting.`
			`* Expedite the time it takes to deploy an ELK stack.`
			`* Improve the testing of hunting use cases in an easier and more affordable way.`

			`# Resources`
			`* [Setting up a Pentesting.. I mean, a Threat Hunting Lab - Part 5](https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html)`
			`* [Elastic Producs](https://www.elastic.co/products)`
			`* [docker-elk](https://github.com/deviantony/docker-elk)`

Update README.md 2017-05-26 06:11:09 +00:00			`# Getting Started`

bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			`## Requirements`
Update README.md 2017-05-26 06:11:09 +00:00			`* OS: Ubuntu-16.04.2 Server amd64 (Tested)`
			`* Network Connection: NAT or Bridge`
			`* RAM: 4GB (minimum)`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			`* Applications:`
			`* Docker & Docker-compose (Needed for HELK Docker Installation ONLY)`

			`### Installing Docker & Docker-compose`
			`If you decide to build,(re)create, start and attach the specific containters needed for the HELK services (Elasticsearch, Logstash & Kibana), you will have to install Docker and Docker-compose first.`

			```
			`git clone https://github.com/Cyb3rWard0g/HELK.git`
			`cd HELK/scripts`
			`sudo ./helk_docker_install.sh`
			```

			`## HELK Installation`
updated scripts & docker-compose to integrate stable nginx config 2017-06-08 04:54:25 +00:00			`The HELK can be installed via a bash script or a docker-compose file. After installing the HELK, browse to your HELK (host) IP address and log on with username:helk & password:hunting.`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00
			`### Bash Script`
			```
final updates disabling xpack 2017-06-07 05:48:59 +00:00			`sudo git clone https://github.com/Cyb3rWard0g/HELK.git`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			`cd HELK/scripts`
update README instructions 2017-06-06 21:47:09 +00:00			`sudo ./helk_install.sh`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			```

			`### Docker-compose`
			```
final updates disabling xpack 2017-06-07 05:48:59 +00:00			`sudo git clone https://github.com/Cyb3rWard0g/HELK.git`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			`cd HELK`
update README instructions 2017-06-06 21:47:09 +00:00			`sudo docker-compose up`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			```

Update README.md 2017-06-29 15:21:59 +00:00			`# Author`
bash scripts and docker-compose update 2017-06-06 21:30:52 +00:00			`* Roberto Rodriguez [@Cyb3rWard0g](https://twitter.com/Cyb3rWard0g)`
Update README.md 2017-05-26 06:11:09 +00:00
Update README.md 2017-06-29 15:21:59 +00:00			`# Contributors`

			`# Contributing`
			`There are a few things that I would like to accomplish with the HELK as shown in the To-Do list below, but I would also woult love to make the HELK a stable build for everyone in the community. If you are interested on making this build a more robust one and adding some cool features to it, PLEASE feel free to submit a pull request. #SharingIsCaring`

			`# TO-Do`
updated scripts & docker-compose to integrate stable nginx config 2017-06-08 04:54:25 +00:00			`- [X] Integrate NGINX in the Docker image`
update README instructions 2017-06-06 21:47:09 +00:00			`- [ ] Upload Kibana Dashboards`
			`- [ ] Add Winlogbeat scripts & files`
			`- [ ] Add/Ingest samples logs to the HELK`
			`- [ ] Install Elastalert`
			`- [ ] Create Elastalert rules`
Update README.md fixed markdown code and subtitles 2017-05-26 06:31:12 +00:00
			`More coming soon...`
Update README.md 2017-04-14 05:29:04 +00:00