Commit Graph

29 Commits (19d04e0d43f0d2fd5afe3c13a7436d6c4481f771)

Author SHA1 Message Date
neu5ron ce102c8328 Use custom Logstash; fixes some more things with plugins. Additionally, monitoring is not limited to X-Pack only now. Also, use the same logstash.yml now too :) 2020-01-22 17:32:49 -05:00
neu5ron ae3275e6f1 elastic stack 7.5.2 2020-01-21 18:21:25 -05:00
neu5ron 92cfbe0077 For basic license, use upstream Logstash 2020-01-15 15:32:53 -05:00
neu5ron 9e1cc0b5da Add new image repos and build the ones that need to be built 2020-01-15 13:14:38 -05:00
Roberto Rodriguez 4cc46f99c9 Updated Jupyter Mode 2020-01-10 21:26:15 -05:00
Cyb3rWard0g c6c272c2e6 Updating pipeline
+ added new topic to replace winlogbeat in future updates
+ updated nxlog mordor to test raw events
2020-01-05 17:44:25 -05:00
Cyb3rWard0g 1eb3dfe3c2 Updated Mordor Pipeline
+ separated pipelines
+ main (OSSEM) & Mordor
+ renamed Kafka topic to mordor
- removed unused/forgotten/deprecated/old enrichments
2020-01-04 19:47:38 -05:00
Cyb3rWard0g b536f48acd Logstash container docker compose update 2020-01-04 01:28:45 -05:00
neu5ron 04215320fe Merge Mordor NXLog 2020-01-03 12:19:57 -05:00
neu5ron f33797744f separate OS, scripts, software, and other updates from logstash configs, schema, dashboards, kql queries, elasticsearch indexes from 2019-12-30 15:05:04 -05:00
Cyb3rWard0g 7b297e65da Enabled Mordor Ingestion via NXLog 2019-12-03 02:03:23 -05:00
Cyb3rWard0g 75da37ac92 quick fixes
fix https://github.com/Cyb3rWard0g/HELK/issues/382
fix https://github.com/Cyb3rWard0g/HELK/issues/377
2019-11-27 02:30:57 -05:00
Roberto Rodriguez 37b9f6ba48 Nginx Config 2019-05-29 19:43:36 -04:00
Roberto Rodriguez ab8053fdd9 Updated Volumes for ES and Jupyter 2019-05-29 18:56:19 -04:00
Roberto Rodriguez 7bb5b992b7 HELK Options
+ Updated Jupyter notebooks
+ Updated helk_install script to allow builds without Elastalert
2019-05-29 18:50:00 -04:00
Roberto Rodriguez 491221bcd9 HELK 7.1.0 Kibana and Notebook Basic license passing 2019-05-21 07:30:12 -07:00
Roberto Rodriguez a21575d16e Elastalert - SIGMA update 2019-05-20 21:51:24 -07:00
Roberto Rodriguez 513227fc38 Testing ELK 7.0.1
- Updated Spark to 2.4.3
- Updated Docker compose files
- Updating Elastalert
2019-05-17 14:51:56 -04:00
Roberto Rodriguez e819329f7a [HOT FIX] Mainly Jupyter and Logstash Updates
HELK-JUPYTER
+ Miniconda3 to handle python packages
+ Python 3.7
+ Container not running as root
+ new entrypoint and cmd scripts
+ postgres not running as root and under the same container
+ Spark Jar and Python dependencies provided offline (not downloading from maven directly - Sometimes this fails)
+ Jupyter PySpark kernel using conda to run ipykernel module
+ PYSPARK_PYTHON Python 3.7

HELK-LOGSTASH
+ Fix https://github.com/Cyb3rWard0g/HELK/issues/217
2019-03-11 09:00:54 -04:00
Roberto Rodriguez 1389aae218 [HOT FIX] 03042019
fix https://github.com/Cyb3rWard0g/HELK/issues/215
- Logstash plugins offline install (default)
- Logstash mutate statements update
- ES Memory Calculation fix
- Compose files typo
2019-03-04 10:03:39 -05:00
Roberto Rodriguez 5986ff4e2b KSQL Images version update
Updated KSQL Server and CLI to 5.1.2
2019-02-24 16:00:57 -05:00
Roberto Rodriguez c6b6d7c881 [HOT FIX] Jupyter & Logstash
helk-Jupyter
+ Deleted several notebooks that were repeating code and exercises
+ Consolidated notebooks to show the basics of python, pandas, Spark SQL, Pyspark and Graphframes
+ Updated pip libraries

helk-logstash
+ removed 999 pipeline output config since it was affecting logstash start
+ added z_originial_message condition when fingerprinting events. That helps when I want to replicate events that have already been parsed by helk-logstash
2019-02-23 19:40:01 -05:00
neu5ron 97b271b00f ELK 6.6.1 :)
also Logstash port 8531 for NXLog TCP input :)
2019-02-22 03:13:14 -05:00
Roberto Rodriguez 4184706206 [HOT-FIX] 02022019
helk-Elasticsearch
- Adjusted ES JAVA OPTs (Heap size) calculations

helk-jupyter
+ Upgraded image to 0.1.0
+ Updated graphframes to 0.7.0
+ fix https://github.com/Cyb3rWard0g/HELK/issues/161
+ fix https://github.com/Cyb3rWard0g/HELK/issues/163

helk-logstash
+ fix https://github.com/Cyb3rWard0g/HELK/issues/162
2019-02-02 03:17:25 -05:00
Roberto Rodriguez c7086ab9c6 [HOT FIX] 01312019
helk ELK
Updated to version 6.5.4

helk-logstash
fix https://github.com/Cyb3rWard0g/HELK/issues/156
+ Pipeline Updated
++ More security events
++ Reduced regex complexity to split process paths into process names
++ Enabled Kafka output again for Win Security and Win Sysmon logs
++ Added more win security conversion events

helk-elastalert
fix https://github.com/Cyb3rWard0g/HELK/issues/157
fix https://github.com/Cyb3rWard0g/HELK/issues/159

ELK:
+ Consolidated ELK scripts to one per container instead of trial and basic

helk-sigma
+ Updated own fork

helk-jupyter
+ Updated Elastic ES-Hadoop to 6.5.4

helk-jupyter
+ jupyterlab-manager widgets
+ Updated pandas 0.24.0
+ Updated altair 2.3.0
2019-01-31 11:29:49 -05:00
richiercyrus 240a8262ff Initial Filebeat changes for osquery integration 2019-01-05 11:00:10 -05:00
Roberto Rodriguez eecd5f6c09 Update KSQL Post Additions 2018-12-24 15:12:56 -05:00
Roberto Rodriguez 6cc8a6bf3a Updated a few typos
fix https://github.com/Cyb3rWard0g/HELK/issues/134
fix https://github.com/Cyb3rWard0g/HELK/issues/133
2018-12-14 09:59:02 -05:00
Roberto Rodriguez 181c851a9e v0.1.6-alpha12132018
HELK base image
+ Updated to 0.0.3

HELK ELK Version
+ Now using 6.5.3 official ELK Docker Images (https://www.elastic.co/blog/elastic-stack-6-5-3-released)

helk_install
+ Users can now select between two deployments:
++ helk-kibana-analysis (KAFKA + KSQL + ELK + NGINX + ELASTALERT)
++ helk-kibana-notebooks (KAFKA + KSQL + ELK + NGINX + ELASTALERT + SPARK + JUPYTER)
+ Fixed https://github.com/Cyb3rWard0g/HELK/issues/131. Users can now set the Kibana UI user password during installation. Also, users can set the Elasticsearch elastic account password when using the Trial license option.

helk-elastalert
+ Elastalert deployed and ready to use with SIGMA integration. Blog available at https://medium.com/@Cyb3rWard0g

helk-elasticsearch
+ consolidated main configs in one
+ added more environment variables for ELASTIC_PASSWORD, with default values in case it is not used, to be compatible with the default values applied to HELK.

helk-logstash
+ updated to 6.5.3
+ simplified pipeline to have only one folder
+ logstash-entrypoint script can now enable elastic password on all logstash output conf files.
+ New environment variables (ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT)

helk-nginx
+ split the default config for the two deployment options (helk-kibana-analysis (trial/base) and helk-kibana-notebook-analysis (trial/base))

helk-kibana
+ Updated to version 6.5.3
+ Added new environment variables (ELASTICSEARCH_URL, SERVER_HOST, SERVER_PORT, ELASTIC_PASSWORD, ELASTIC_HOST, ELASTIC_PORT, ELASTICSEARCH_USERNAME, ELASTICSEARCH_PASSWORD, KIBANA_UI_PASSWORD) and logic to make the build more dynamic

helk-jupyter
+ updated Jupyterlab to 0.35.4
+ updated jupyterhub to 0.9.4
+ updated jupyterlab hub extension to 0.12.0
+ updated ES_HADOOP to 6.5.3
+ updated org.apache.spark:spark-sql-kafka-0-10_2.11:2.4.0
+ Added extra notebooks to test deployment and provide more information for analysts experiencing Jupyter for the first time

helk-kafka-base
+ reduced docker container size
+ updated Kafka to 2.1.0 (this affects Kafka brokers and zookeeper)

helk-kafka-broker
+ Users can now define a list of topics to be created via the new environment variable KAFKA_CREATE_TOPICS. It needs to be defined either in the docker-compose file or when running the Docker container on its own.

helk-zookeeper
+ reduced size of container
+ updated build to kafka 2.1.0

helk-KSQL
+ initial integration of KSQL
+ KSQL Server and KSQL CLI are available
+ Blog post coming soon ;)
2018-12-14 00:27:17 +03:00