Commit Graph

597 Commits (master)

Author SHA1 Message Date
neu5ron 71c77d8f7d make scala download link https and fix incorrect version that caused a 404 link/error fixes #400 2020-01-13 10:29:35 -05:00
neu5ron 1df256419f make scala download link https and fix incorrect version that caused a 404 link/error 2020-01-13 10:26:16 -05:00
neu5ron 771ed2a657 update sigmac. adding fields that were normalized but not in sigmac (i.e. ParentProcessName) 2020-01-13 01:21:57 -05:00
Nate Guagenti a73533dcc2
Merge pull request #398 from neu5ron/master
typo in network_initiated
2020-01-13 00:23:55 -05:00
neu5ron bafa085494 typo in network_initiated 2020-01-13 00:00:29 -05:00
Roberto Rodriguez 46f3f98446 Sigma to Notebooks Integration
+ Translated every sigma rule to a notebook to query Elasticsearch via Elasticsearch query strings
+ Uploaded all sigma notebooks.
2020-01-11 12:59:39 -05:00
Roberto Rodriguez 6e5b834a25
Merge pull request #397 from Cyb3rWard0g/neu5ron-patch-1
increase elastalert efficiency
2020-01-10 21:28:14 -05:00
Roberto Rodriguez 4cc46f99c9 Updated Jupyter Mode 2020-01-10 21:26:15 -05:00
Roberto Rodriguez 0ae6f240ba Updating Jupyter Structure
+ Jupyter hunter 0.0.8 (needs to fix name)
+ Updated Postgresql to 42.2.9
2020-01-10 21:21:35 -05:00
Nate Guagenti 95ecf3dc34
increase elastalert efficiency
buffer time needs to be increased to take into account many considerations such as log delays or elastalert getting pushback.
Additionally, run every minute to decrease back pressure.
2020-01-10 20:32:23 -05:00
Nate Guagenti aa1c6a91d9
Merge pull request #396 from neu5ron/master
update helk script tweak
2020-01-10 12:09:18 -05:00
neu5ron 24be101533 exit if modified and notify user 2020-01-10 11:26:59 -05:00
neu5ron 4a1c913c5e fix lock of logstash plugin timestamp store 2020-01-09 11:01:49 -05:00
Cyb3rWard0g fa329ccdb1 Update kibana-setup.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/394
2020-01-05 21:50:19 -05:00
Cyb3rWard0g 671609b31a quickfix
fix https://github.com/Cyb3rWard0g/HELK/issues/393
2020-01-05 21:29:02 -05:00
Cyb3rWard0g c6c272c2e6 Updating pipeline
+ added new topic to replace winlogbeat in future updates
+ updated nxlog mordor to test raw events
2020-01-05 17:44:25 -05:00
Cyb3rWard0g 060fdf7a2a Updated nxlog mordor filter 2020-01-05 02:13:05 -05:00
Cyb3rWard0g 1eb3dfe3c2 Updated Mordor Pipeline
+ separated pipelines
+ main (OSSEM) & Mordor
+ renamed Kafka topic to mordor
- removed unused/forgotten/deprecated/old enrichments
2020-01-04 19:47:38 -05:00
Cyb3rWard0g b536f48acd Logstash container docker compose update 2020-01-04 01:28:45 -05:00
Roberto Rodriguez 251870c92c
Merge pull request #391 from neu5ron/master
v0.1.9-alpha01032020
2020-01-03 12:33:39 -05:00
neu5ron c258054d9e update build versions 2020-01-03 12:26:55 -05:00
neu5ron 04215320fe merge mordor nxlog 2020-01-03 12:19:57 -05:00
neu5ron dc8bce415f revert testing params 2020-01-03 12:13:26 -05:00
neu5ron c84ea9a98d script improvements continued... 2020-01-03 09:24:39 -05:00
neu5ron 72aa8eec6a ask before continuing after git update 2020-01-03 07:31:51 -05:00
neu5ron 63d7ae91ea ask before continuing after git update 2020-01-03 07:01:48 -05:00
neu5ron ebbd962d3d ask before continuing after git update 2020-01-03 06:53:51 -05:00
neu5ron 59ba7bf110 Merge remote-tracking branch 'origin/master'
# Conflicts:
#	docker/helk_update.sh
2020-01-03 06:45:28 -05:00
neu5ron c6592c81e0 ask before continuing after git update 2020-01-03 06:44:34 -05:00
neu5ron 1a0268aed4 ask before continuing after git update 2020-01-03 06:41:58 -05:00
neu5ron 1850f21ccb variable the helk update log file 2020-01-03 06:41:44 -05:00
neu5ron a3db0be9b8 ask before continuing after git update 2020-01-03 06:09:20 -05:00
neu5ron fba8c24a7a a variable needed for additions to script 2020-01-03 05:01:07 -05:00
neu5ron 2cf3852187 test 2020-01-03 04:17:49 -05:00
neu5ron 161f64cecd show user location to track output 2020-01-03 04:14:57 -05:00
neu5ron 4370a567f6 use variable for log location 2020-01-03 03:57:25 -05:00
neu5ron 21ecb210dc revert to NON testing sigma repo 2020-01-03 03:25:36 -05:00
neu5ron f8bab24839 Merge remote-tracking branch 'origin/master' 2020-01-03 03:22:50 -05:00
neu5ron 55cb06eb88 longer option for IP choice 2020-01-03 03:22:33 -05:00
neu5ron 6f64a1eb6e longer option for IP choice 2020-01-03 03:12:05 -05:00
neu5ron b03720379e add prompts for custom password and custom kafka IP 2020-01-03 03:09:55 -05:00
neu5ron 70034ef539 add note to create custom passwords and to save them for the future when they need them! 2020-01-03 02:41:41 -05:00
neu5ron 49ba0aff00 7.5.1 2020-01-01 16:07:17 -05:00
neu5ron eb6ed5c6b5 Merge branch 'pull/338'
# Conflicts:
#	docker/helk_update.sh
2020-01-01 16:03:12 -05:00
neu5ron 2269dce8b0 test new sigma via my repo 2019-12-31 18:22:18 -05:00
neu5ron f33797744f separate OS, scripts, software, and other updates from logstash configs, schema, dashboards, kql queries, elasticsearch indexes from 2019-12-30 15:05:04 -05:00
Nate Guagenti 6a0c544eea
Update Custom.md
add winlogbeat version to issue template
2019-12-18 08:44:08 -05:00
tcastron c0163fdf02
Update helk_install.sh
Added some commands for CentOS users. This solves an issue where HELK didn't install `docker-compose` and made installation impossible.
2019-12-13 16:38:55 +01:00
Cyb3rWard0g 7b297e65da Enabled Mordor Ingestion via NXLog 2019-12-03 02:03:23 -05:00
Cyb3rWard0g 75da37ac92 quick fixes
fix https://github.com/Cyb3rWard0g/HELK/issues/382
fix https://github.com/Cyb3rWard0g/HELK/issues/377
2019-11-27 02:30:57 -05:00