infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

organized/updated scripts and files

keyword-vs-text-changes
Roberto Rodriguez 2017-08-09 21:12:40 -04:00
parent d2d4a17728
commit 5f11b10f56
7 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docker-compose.yml
View File

@ -8,7 +8,7 @@ version: '2'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:5.4.1
image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
volumes:
- ./elasticsearch/docker/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
environment:
@ -16,17 +16,17 @@ services:
networks:
- helk
kibana:
image: docker.elastic.co/kibana/kibana:5.4.1
image: docker.elastic.co/kibana/kibana:5.5.1
volumes:
- ./kibana/docker/kibana.yml:/usr/share/config/kibana/kibana.yml
- ./kibana/docker/config/kibana.yml:/usr/share/config/kibana/kibana.yml
depends_on:
- elasticsearch
networks:
- helk
logstash:
image: docker.elastic.co/logstash/logstash:5.4.1
image: docker.elastic.co/logstash/logstash:5.5.1
volumes:
- ./logstash/docker/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
- ./logstash/docker/pipeline/:/usr/share/logstash/pipeline/
- ./logstash/docker/config/logstash.yml:/usr/share/logstash/config/logstash.yml
depends_on:
- elasticsearch

0
kibana/docker/kibana.yml → kibana/docker/config/kibana.yml
View File

0
logstash/02-beats-input.conf → logstash/pipeline/02-beats-input.conf
View File

0
logstash/10-powershell-filter.conf → logstash/pipeline/10-powershell-filter.conf
View File

0
logstash/50-elasticsearch-output.conf → logstash/pipeline/50-elasticsearch-output.conf
View File

6
scripts/helk_install.sh
View File

@ -185,9 +185,9 @@ ERROR=$?
fi
echo "[HELK INFO] Copying logstash's .conf files.."
cp -v ../logstash/02-beats-input.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../logstash/10-powershell-filter.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../logstash/50-elasticsearch-output.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../pipeline/logstash/02-beats-input.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../pipeline/logstash/10-powershell-filter.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../pipeline/logstash/50-elasticsearch-output.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
ERROR=$?
if [ $ERROR -ne 0 ]; then
echoerror "Could not copy logstash files (Error Code: $ERROR)."

1
winlogbeat/winlogbeat.yml
View File

@ -23,6 +23,7 @@ winlogbeat.event_logs:
- name: Security
- name: System
- name: Microsoft-windows-sysmon/operational
- name: Microsoft-windows-PowerShell/Operational
event_id: 4103, 4104
#================================ General =====================================