diff --git a/README.md b/README.md
index a49ff61..195921e 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,6 @@ The project is currently in an alpha stage, which means that the code and the fu
 * **Spark:** A fast and general-purpose cluster computing system. It provides high-level APIs in Java, Scala, Python and R, and an optimized engine that supports general execution graphs.
 * **GraphFrames:** A package for Apache Spark which provides DataFrame-based Graphs.
 * **Jupyter Notebook:** An open-source web application that allows you to create and share documents that contain live code, equations, visualizations and narrative text.
-* **Sigma:** A generic signature format for log events. All Sigma signatures contained in the repository are preloaded into Kibana.
 
 # Resources
 * [Setting up a Pentesting.. I mean, a Threat Hunting Lab - Part 5](https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html)
@@ -33,7 +32,6 @@ The project is currently in an alpha stage, which means that the code and the fu
 * [Elasticsearch Guide](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html)
 * [spujadas elk-docker](https://github.com/spujadas/elk-docker)
 * [deviantony docker-elk](https://github.com/deviantony/docker-elk)
-* [Sigma](https://github.com/Neo23x0/sigma)
 
 # Getting Started
 ## WIKI
diff --git a/helk-elk/Dockerfile b/helk-elk/Dockerfile
index 84eea85..aec94f7 100644
--- a/helk-elk/Dockerfile
+++ b/helk-elk/Dockerfile
@@ -26,10 +26,7 @@ RUN echo "[HELK-DOCKER-INSTALLATION-INFO] Updating Ubuntu base image.." \
 nano \
 python \
 python-pip \
- python3-pip \
- unzip \
- git \
- jq
+ unzip
 
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
 locale-gen
@@ -38,7 +35,6 @@ RUN apt-get -qy clean \
 
 # *********** Upgrading PIP ***************
 RUN pip install --upgrade pip
-RUN pip3 install --upgrade pip
 
 # *********** Installing HELK python packages ***************
 RUN pip install \
@@ -47,7 +43,7 @@ RUN pip install \
 
 # *********** Creating the right directories ***************
 #RUN bash -c 'mkdir -pv /opt/helk/{scripts,training,otx,es-hadoop,spark,output_templates,dashboards,kafka,elasticsearch,logstash,kibana,cerebro,ksql}'
-RUN bash -c 'mkdir -pv /opt/helk/{scripts,otx,output_templates,dashboards,elasticsearch,logstash,kibana,cerebro,ksql,sigma}'
+RUN bash -c 'mkdir -pv /opt/helk/{scripts,otx,output_templates,dashboards,elasticsearch,logstash,kibana,cerebro,ksql}'
 
 # *********** Adding HELK scripts and files to Container ***************
 ADD scripts/helk_otx.py /opt/helk/scripts/
@@ -135,10 +131,6 @@ ADD enrichments/otx/ /opt/helk/otx/
 RUN cronjob="0 8 * * 1 python /opt/helk/scripts/helk_otx.py" \
 && echo "$cronjob" | crontab
 
-# *********** Pulling Sigma Git Repository and install Python dependencies *************
-RUN git clone https://github.com/Neo23x0/sigma.git /opt/helk/sigma
-RUN pip3 install -r /opt/helk/sigma/tools/requirements.txt
-
 # *********** Install Cerebro ***************
 ENV CEREBRO_HOME=/opt/helk/cerebro
 ENV CEREBRO_LOGS_PATH=/var/log/cerebro
@@ -149,4 +141,4 @@ ADD cerebro/cerebro-init /etc/init.d/cerebro
 # *********** RUN HELK ***************
 EXPOSE 80 5044 9000 8082
 WORKDIR "/opt/helk/scripts/"
-ENTRYPOINT ["./elk-entrypoint.sh"]
+ENTRYPOINT ["./elk-entrypoint.sh"]
\ No newline at end of file
diff --git a/helk-elk/scripts/elk-kibana-setup.sh b/helk-elk/scripts/elk-kibana-setup.sh
index 183b8ac..3bdc228 100755
--- a/helk-elk/scripts/elk-kibana-setup.sh
+++ b/helk-elk/scripts/elk-kibana-setup.sh
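Review bot: The edited `RUN bash -c 'mkdir -pv /opt/helk/{…}'` line in the @@ -47 hunk sits directly under a commented-out older copy (`#RUN bash -c 'mkdir -pv /opt/helk/{scripts,training,otx,es-hadoop,spark,…}'`) that names directories the live line no longer creates, so a reader cannot tell which list is authoritative; the commented line should be dropped, since version history already preserves it. The `bash -c` wrapper appears to exist only for brace expansion, which the `/bin/sh` that `RUN` uses by default on this Ubuntu base presumably lacks; a plain `RUN mkdir -pv /opt/helk/scripts /opt/helk/otx /opt/helk/output_templates /opt/helk/dashboards /opt/helk/elasticsearch /opt/helk/logstash /opt/helk/kibana /opt/helk/cerebro /opt/helk/ksql` produces the same directories without a nested shell, or `SHELL ["/bin/bash", "-c"]` can be set once if other steps also rely on bash. This is a readability point only, not a correctness issue.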
@@ -17,7 +17,6 @@ KIBANA="http://localhost:5601"
 TIME_FIELD="@timestamp"
 DEFAULT_INDEX="logs-endpoint-winevent-sysmon-*"
 DIR=/opt/helk/dashboards
-SIGMA_DIR=/opt/helk/sigma
 
 # *********** Setting Index Pattern Array ***************
 declare -a index_patterns=("logs-endpoint-*" "logs-*" "logs-endpoint-winevent-sysmon-*" "logs-endpoint-winevent-security-*" "logs-endpoint-winevent-system-*" "logs-endpoint-winevent-application-*" "logs-endpoint-winevent-wmiactivity-*" "logs-endpoint-winevent-powershell-*")
@@ -47,8 +46,3 @@ do
 -H 'Content-type:application/json' -d @${file} || exit 1
 echo
 done
-
-# *********** Loading Sigma searches ***************
-cd $SIGMA_DIR
-tools/sigmac -t kibana -c tools/config/helk.yml -Ooutput=curl -o import-sigma-to-kibana.sh -r rules/
-. import-sigma-to-kibana.sh