Nate Guagenti
5f41d379b8
update issue template
2019-11-13 15:32:25 -05:00
Roberto Rodriguez
ca242ec8a6
Update Custom.md
2019-11-13 10:51:40 -08:00
Nate Guagenti
9a90e05f73
Merge pull request #373 from Cyb3rWard0g/hotfixes-20191107
hotfix 20191107
2019-11-07 08:13:24 -05:00
neu5ron
8e59630f8d
pipeline hotfix, double "{"
2019-11-07 08:11:36 -05:00
Nate Guagenti
038f692d66
Merge pull request #371 from mwilson32900/windows-channel-names
change channel values
2019-11-03 15:42:22 -05:00
mwilson32900
fab68b16f3
change channel values
2019-10-29 21:28:14 -04:00
Cyb3rWard0g
e990fd21a0
Update helk_install.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/313
2019-10-09 00:37:30 -04:00
Nate Guagenti
2cf253e5de
Merge pull request #356 from Cyb3rWard0g/winlogbeat-configs
winlogbeat configuration example
2019-10-05 17:05:58 -04:00
neu5ron
c40d72f909
winlogbeat configuration example
2019-10-05 17:04:47 -04:00
Cyb3rWard0g
530b6ca847
SilkService Pipeline & Kibana Index Update
+ Create Index automatically
+ Removed nested host
+ updated silketw logstash filter extension
2019-10-03 00:48:10 -04:00
Cyb3rWard0g
a81fc35b1a
Cleaning Repo
+ Updated README (initial update)
+ Removed unused files and folders
2019-10-02 21:50:28 -04:00
Cyb3rWard0g
eadc7aa810
Delete helk_sysmon_wevtutil.yml
fix https://github.com/Cyb3rWard0g/HELK/issues/345
2019-10-02 21:31:17 -04:00
Cyb3rWard0g
a4d3a39a28
Updating ETW configs
- Updated Logstash Index name
- created index pattern automatically
2019-09-30 22:17:13 -05:00
Cyb3rWard0g
8a4a9c6b6b
THS2019 Additions
- SilkETW basic configs
2019-09-30 21:31:15 -05:00
Nate Guagenti
0958c980f0
Merge pull request #347 from Cyb3rWard0g/hotfixes-pipeline
add handling winlog.user_data
2019-09-26 12:13:15 -04:00
neu5ron
b888a4abfc
handle winlog.user_data
2019-09-26 12:11:25 -04:00
neu5ron
bca1f570ac
add support to handle winlog.user_data nested field
2019-09-26 12:05:31 -04:00
Nate Guagenti
c183411601
Merge pull request #346 from Cyb3rWard0g/hotfixes-pipeline
geo fields despite schema
2019-09-26 11:50:31 -04:00
neu5ron
44a2c6b499
keep all geo fields despite taxonomy, for continuity if upstream (NON HELK) changes are made
2019-09-26 11:49:07 -04:00
Roberto Rodriguez
c6bad06478
Merge pull request #343 from Cyb3rWard0g/catchall
windows catchall, before ALL catchall
2019-09-21 23:34:57 -04:00
neu5ron
91c73b02bf
windows catchall, before ALL catchall
2019-09-21 23:28:51 -04:00
Nate Guagenti
1b4b44a83e
Merge pull request #334 from Cyb3rWard0g/temp-sigma-fixes
encoding fix and elastalert mapping
2019-09-11 11:03:25 -05:00
Nate Guagenti
3113a243b9
elastalert mapping
2019-09-11 11:00:39 -05:00
Nate Guagenti
479a650bb9
encoding and escaping fix
2019-09-11 10:56:08 -05:00
Nate Guagenti
3ded2f6673
use default GC
2019-09-11 09:29:33 -05:00
Nate Guagenti
d567aed3a9
Merge pull request #331 from Cyb3rWard0g/temp-sigma-fixes
correct OSSEM <> SIGMAC ordering
2019-09-11 09:19:53 -05:00
Nate Guagenti
e02d135bb3
correct OSSEM <> SIGMAC ordering
2019-09-11 09:14:34 -05:00
Roberto Rodriguez
8280d98a72
Merge pull request #330 from Cyb3rWard0g/temporary-elastalert-hotfix
Temporary elastalert hotfix
2019-09-11 09:06:33 -04:00
Nate Guagenti
5e9b3ff987
Update Dockerfile
2019-09-10 08:47:11 -04:00
Nate Guagenti
79a5379da3
Update helk-kibana-notebook-analysis-alert-trial.yml
2019-09-10 08:40:00 -04:00
Nate Guagenti
a78742bf4a
Update helk-kibana-notebook-analysis-alert-basic.yml
2019-09-10 08:39:21 -04:00
Nate Guagenti
2688a646c8
Update helk-kibana-analysis-alert-trial.yml
2019-09-10 08:38:32 -04:00
Nate Guagenti
15e05216fa
Update helk-kibana-analysis-alert-basic.yml
2019-09-10 08:37:09 -04:00
Nate Guagenti
37da1251ff
authoring-correction
2019-09-09 01:08:56 -04:00
Nate Guagenti
8b544b5508
Merge pull request #323 from Cyb3rWard0g/temp-sigma-fixes
temprorary-hotfix20190401
2019-09-04 12:07:51 -04:00
Nate Guagenti
6b366c8f95
temprorary-hotfix20190401
- correctly sets query for rules not matching an index pattern
- fix Process typo
- correction
- dst_is_ipv6 isn't used anymore and sysmon DestinationIsIpv6 is kept
2019-09-04 12:03:00 -04:00
cyb3rward0g
10190018f5
Hotfix Jupyter
https://github.com/Cyb3rWard0g/HELK/issues/315
2019-08-25 13:39:42 -04:00
cyb3rward0g
9b817f9260
Update helk_remove_containers.sh
removing specific images.
2019-08-24 06:51:47 -04:00
cyb3rward0g
3a9b3a0718
Hot Fix 20190824
Fix https://github.com/Cyb3rWard0g/HELK/issues/316
2019-08-24 06:41:26 -04:00
Nate Guagenti
5e1a3eb53e
hotfix-2019-08-20 v001
typo ip type and rfc
2019-08-20 14:06:35 -04:00
Roberto Rodriguez
ad834bd778
Merge pull request #308 from Cyb3rWard0g/pipelining
Fix #186 and Fix #271
2019-08-14 12:01:33 -04:00
Roberto Rodriguez
18b9b08c0f
Merge pull request #288 from freeload101/patch-1
Update helk_install.sh
2019-07-10 11:59:16 -04:00
Roberto Rodriguez
4242672c4a
Merge pull request #299 from itsnotapt/sysmon_10_changes
[Feature Request] Added Sysmon 10 new fields and DNSEvent type.
2019-07-10 11:58:12 -04:00
itsnotapt
5466908ba4
DnsQuery not DnsEvent
2019-07-10 12:55:39 +01:00
Carl Rutherford
04fcc6f118
Added Sysmon 10 new fields and DNSEvent type.
2019-07-10 11:45:48 +01:00
Roberto Rodriguez
d10231195d
Jupyter Updates
+ Updated notebooks connection to ES
+ Updated Jupyter Image
2019-07-07 19:58:44 -04:00
Roberto Rodriguez
a177a8b165
Update helk_install.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/298
2019-07-07 16:57:49 -04:00
neu5ron
8088efa28b
track & install latest docker compose. #186
2019-07-07 00:41:30 -04:00
neu5ron
2cdc233a27
process_granted_access as decimal. fixes #271
2019-07-06 21:17:32 -04:00
neu5ron
e463c7d554
track & install latest docker compose. fixed #186
2019-07-06 21:16:30 -04:00