From 845895ccca52617b1cbf1dbc745a88bed384355c Mon Sep 17 00:00:00 2001
From: Roberto Rodriguez
Date: Sun, 17 Dec 2017 15:44:43 -0500
Subject: [PATCH] Updated INTEL files and Install script
---
 .gitignore | 3 ++
 .../otx/otx_imphash_.csv | 0
 .../intel => enrichments}/otx/otx_ipv4_.csv | 0
 .../intel => enrichments}/otx/otx_md5_.csv | 0
 .../intel => enrichments}/otx/otx_sha1_.csv | 0
 .../intel => enrichments}/otx/otx_sha256_.csv | 0
 logstash/intel/.DS_Store | Bin 8196 -> 0 bytes
 scripts/helk_install.sh | 31 ++++++++++++++++++
 8 files changed, 34 insertions(+)
 create mode 100644 .gitignore
 rename {logstash/intel => enrichments}/otx/otx_imphash_.csv (100%)
 rename {logstash/intel => enrichments}/otx/otx_ipv4_.csv (100%)
 rename {logstash/intel => enrichments}/otx/otx_md5_.csv (100%)
 rename {logstash/intel => enrichments}/otx/otx_sha1_.csv (100%)
 rename {logstash/intel => enrichments}/otx/otx_sha256_.csv (100%)
 delete mode 100644 logstash/intel/.DS_Store
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e5ba965
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+
+logstash/.DS_Store
+.DS_Store
diff --git a/logstash/intel/otx/otx_imphash_.csv b/enrichments/otx/otx_imphash_.csv
similarity index 100%
rename from logstash/intel/otx/otx_imphash_.csv
rename to enrichments/otx/otx_imphash_.csv
diff --git a/logstash/intel/otx/otx_ipv4_.csv b/enrichments/otx/otx_ipv4_.csv
similarity index 100%
rename from logstash/intel/otx/otx_ipv4_.csv
rename to enrichments/otx/otx_ipv4_.csv
diff --git a/logstash/intel/otx/otx_md5_.csv b/enrichments/otx/otx_md5_.csv
similarity index 100%
rename from logstash/intel/otx/otx_md5_.csv
rename to enrichments/otx/otx_md5_.csv
diff --git a/logstash/intel/otx/otx_sha1_.csv b/enrichments/otx/otx_sha1_.csv
similarity index 100%
rename from logstash/intel/otx/otx_sha1_.csv
rename to enrichments/otx/otx_sha1_.csv
diff --git a/logstash/intel/otx/otx_sha256_.csv b/enrichments/otx/otx_sha256_.csv similarity index 100% rename from logstash/intel/otx/otx_sha256_.csv rename to enrichments/otx/otx_sha256_.csv diff --git a/logstash/intel/.DS_Store b/logstash/intel/.DS_Store deleted file mode 100644 index 220da285ea7f327ef6a44bcd12beb04098ee52f9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8196 zcmeHLO;8*~6n<|ZWM%@P!33Bj3tJ#cA_+f%V62cVEU`ib4QBZbi7?BIFgncO&MeE1 zM5?@~6+Kv$SjoxKi>VweW9cauFEKgjAyR@?dGO#tFCHx|t@8EsY!V<`)k>zTreAlz z_qzLi{mt}r0|0hr^d^7`0Fdb6l5L~x0g3DRvmr%-mVA;({@_lhEGI>^+o|ad)?q`4 zK!`wyK!`wyK#0Kq0Rh^xd6G8S_k}jhLj*zu9!UiF_aR0Pm+?R@3F&`2DD#g1B>54* zPgG{SKr$A{cp#UABn>4Lt|Wyk21g7O?$jO&?Bao35>mJW28Ry}M#kWTg8t~#f6O-r zj0+j&Ap#)+8xi2IPaZhn!E7pf|M}fAU9Yim1tWR+TMD*Hk|HTZ%DLpElTCV>mvK9_ z^a!u@YTjfjDEB#zb+@dg223M6%623i+tW%2M;YS%2Ii4Q+xN=)ZF~SYm4VEi-<7zDnRkN z2(R1=&vIuH;(8+TUTRu|x0(x2R<@}px|Ned=D1@g&3R*#6}uE&H&uJn#tcO=IPO@P zDcc=oCF7bkp0PB~=&&qq><)Rxtj9}dTqo@%e8W-3GOlsjAUku$=pt)!E#*C(n)Xb` zb_a~KOR^^3C?+jmE8H2ae&VUd)@P0;mW#F*vyxIpIYYSEp81k#r2Dg`?oAGB?zmy= zradt@W4dO_GWu+7$|%8lSzazHuP9P?se5v&^)3>tk%lrU^VN*$&G} zV;7ZIly%XRhPkdo*ZG8`ns}W6&&NP!d>c`r8d~58^ujRckcA6y5iY@pa1FkI8*mf8 zfp6hESb*#a4)vvA#B4qc3=X#up3Wf68mugM^Hxt zCvXyN%;GH0;{v{c7w{c?7vIMZ@DuzLuj6NU18?G2cnfdi9bCaxG0RAfr#+&c%kc*) z1+O9TG`L2K3_pmc(c{l5iT{+R-xmsUKDJ|LWli1w=C&j8yGyuk-^91@Z6e@ByhH@Nj92g@{CFMRPUMItBwoEox0z(x zwj6tcT5{xEYaG@dRs`}yU={rQe|+=%|A#gFFs=}R5CK8}^ShE=oxHFK9Q>>uqi2jB zp19qTkiH9LYc2w)9vsJg+ZdU0pLigbg!Emh-FGGVFI@!CuSK~3(+UK?o8kV?+4$(C Fe*iCw(<}f0 diff --git a/scripts/helk_install.sh b/scripts/helk_install.sh index 892db6a..773e4f2 100755 --- a/scripts/helk_install.sh +++ b/scripts/helk_install.sh 
@@ -218,6 +218,37 @@ ERROR=$? echoerror "Could not copy intel files to HELK (Error Code: $ERROR)." fi +# *********** Download Neo4j public signing key **********. +echo "[HELK INFO] Downloading Neo4j public signing key and adding it to the host.." +wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - >> $LOGFILE 2>&1 +ERROR=$? + if [ $ERROR -ne 0 ]; then + echoerror "Could not download Neo4j public signing key and add it to the host (Error Code: $ERROR)." + fi + +# *********** Upgrade repository sources **********. +echo "[HELK INFO] Upgrading repository sources.." +echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list >> $LOGFILE 2>&1 +ERROR=$? + if [ $ERROR -ne 0 ]; then + echoerror "Could not upgrade repository sources (Error Code: $ERROR)." + fi + +echo "[HELK INFO] Installing updates.." +apt-get update >> $LOGFILE 2>&1 +ERROR=$? + if [ $ERROR -ne 0 ]; then + echoerror "Could not install update (Error Code: $ERROR)." + fi + +# *********** Install Neo4j **********. +echo "[HELK INFO] Installing Neo4j.." +apt-get -y install neo4j >> $LOGFILE 2>&1 +ERROR=$? + if [ $ERROR -ne 0 ]; then + echoerror "Could not install neo4j (Error Code: $ERROR)." + fi + # *********** Installing Logstash *************** echo "[HELK INFO] Installing Logstash.." apt-get install logstash >> $LOGFILE 2>&1
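Review bot: The `wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add -` line puts the Neo4j key into apt's global trusted keyring, where it can validate packages from every configured repository rather than only debian.neo4j.org; the `deb` line written by the following `tee` should instead point at a dedicated keyring via `[signed-by=/usr/share/keyrings/neo4j.gpg]`, with the key dearmored into that file. The `ERROR=$?` after that pipeline also reflects only `apt-key add`, so a failed or truncated download is reported as success unless `pipefail` is enabled earlier in the script, which this hunk does not show; splitting the download and the key import into two separately checked steps, as in the fence, keeps the file's existing one-command-one-check pattern. The mixed use of `sudo` (present on `apt-key` and `tee`, absent on `apt-get update` and `apt-get -y install neo4j`) suggests the script already runs as root, so the `sudo` calls are presumably redundant and worth making consistent. The `-y` on the new `apt-get -y install neo4j` also differs from the unmodified `apt-get install logstash` context line just below it, which will prompt interactively.
```shell
# *********** Download Neo4j public signing key **********.
echo "[HELK INFO] Downloading Neo4j public signing key and adding it to the host.."
# Keep the key in its own keyring, bound to the Neo4j repo via signed-by below,
# instead of apt-key, which would let it vouch for packages from any repository.
NEO4J_KEYRING=/usr/share/keyrings/neo4j.gpg
NEO4J_KEY=$(mktemp)
wget -qO "$NEO4J_KEY" https://debian.neo4j.org/neotechnology.gpg.key >> $LOGFILE 2>&1
ERROR=$?
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not download Neo4j public signing key (Error Code: $ERROR)."
  fi
gpg --dearmor < "$NEO4J_KEY" > "$NEO4J_KEYRING" 2>> $LOGFILE
ERROR=$?
rm -f -- "$NEO4J_KEY"
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not add Neo4j public signing key to the host (Error Code: $ERROR)."
  fi

# *********** Upgrade repository sources **********.
echo "[HELK INFO] Upgrading repository sources.."
echo "deb [signed-by=$NEO4J_KEYRING] https://debian.neo4j.org/repo stable/" > /etc/apt/sources.list.d/neo4j.list 2>> $LOGFILE
# … unchanged: error check, apt-get update, apt-get install neo4j …
```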