tcastron
a47075594d
Created helk.xml
Created this file for the firewall setup script on CentOS
2020-01-20 10:19:03 +01:00
tcastron
a068dbe0bc
Fixed the script to be compliant with the new images
2020-01-16 09:12:19 +01:00
tcastron
a1531b3e8b
Fixed unwanted printed message
2020-01-16 08:25:19 +01:00
tcastron
8800ff6e52
Fixed more differences
2020-01-15 16:54:04 +01:00
tcastron
6a991e5fa1
Fixed some differences with the actual script
2020-01-15 16:52:04 +01:00
tcastron
d8890c7743
Fixed docker-compose condition
2020-01-15 16:13:49 +01:00
tcastron
60ed63b29a
Updated install script for CentOS compatibility
I made some small adjustments to make sure that the installation script runs without problem on a CentOS machine.
2020-01-15 15:57:35 +01:00
tcastron
bb1828d65d
Update helk_remove script
this commit makes the following changes to the script:
- use docker-compose to remove containers, network and volumes
- made sure the script runs on different platforms
- use compose file to remove the helk installation
2020-01-15 14:49:52 +01:00
Nate Guagenti
0aab44da0d
Merge pull request #406 from neu5ron/hot_fixes
logstash outline update
2020-01-14 22:51:04 -05:00
neu5ron
ae972f5dfc
logstash outline update
2020-01-14 22:50:00 -05:00
Nate Guagenti
b597bcbaef
Merge pull request #405 from neu5ron/hot_fixes
update winlogbeat logging pictures
2020-01-14 21:52:10 -05:00
neu5ron
4bb657cac1
update winlogbeat logging pictures
2020-01-14 21:12:51 -05:00
Roberto Rodriguez
87f6f06dd6
Update .gitmodules
2020-01-14 18:46:22 -05:00
Roberto Rodriguez
b4ce4ed105
Updated repo structure
2020-01-14 18:40:27 -05:00
Roberto Rodriguez
591e80bbbb
Merge pull request #399 from neu5ron/helk_updates_to_master
update sigmac
2020-01-13 10:32:28 -05:00
Roberto Rodriguez
7d9d58afa8
Merge pull request #402 from neu5ron/hot_fixes
scala download
2020-01-13 10:32:16 -05:00
neu5ron
71c77d8f7d
make scala download link https and fix incorrect version that caused a 404 link/error fixes #400
2020-01-13 10:29:35 -05:00
neu5ron
1df256419f
make scala download link https and fix incorrect version that caused a 404 link/error
2020-01-13 10:26:16 -05:00
neu5ron
771ed2a657
update sigmac. adding fields that were normalized but not in sigmac (i.e. ParentProcessName)
2020-01-13 01:21:57 -05:00
Nate Guagenti
a73533dcc2
Merge pull request #398 from neu5ron/master
typo in network_initiated
2020-01-13 00:23:55 -05:00
neu5ron
bafa085494
typo in network_initiated
2020-01-13 00:00:29 -05:00
Roberto Rodriguez
46f3f98446
Sigma to Notebooks Integration
+ Translated every sigma rule to a notebook to query Elasticsearch via Elasticsearch query strings
+ Uploaded all sigma notebooks.
2020-01-11 12:59:39 -05:00
Roberto Rodriguez
6e5b834a25
Merge pull request #397 from Cyb3rWard0g/neu5ron-patch-1
increase elastalert efficiency
2020-01-10 21:28:14 -05:00
Roberto Rodriguez
4cc46f99c9
Updated Jupyter Mode
2020-01-10 21:26:15 -05:00
Roberto Rodriguez
0ae6f240ba
Updating Jupyter Structure
+ Jupyter hunter 0.0.8 (needs to fix name)
+ Updated Postgresql to 42.2.9
2020-01-10 21:21:35 -05:00
Nate Guagenti
95ecf3dc34
increase elastalert efficiency
buffer time needs to be increased to take into account many considerations such as log delays or elastalert getting push back;
additionally, run every minute to decrease back pressure.
2020-01-10 20:32:23 -05:00
Nate Guagenti
aa1c6a91d9
Merge pull request #396 from neu5ron/master
update helk script tweak
2020-01-10 12:09:18 -05:00
neu5ron
24be101533
exit if modified and notify user
2020-01-10 11:26:59 -05:00
neu5ron
4a1c913c5e
fix lock of logstash plugin timestamp store
2020-01-09 11:01:49 -05:00
Cyb3rWard0g
fa329ccdb1
Update kibana-setup.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/394
2020-01-05 21:50:19 -05:00
Cyb3rWard0g
671609b31a
quickfix
fix https://github.com/Cyb3rWard0g/HELK/issues/393
2020-01-05 21:29:02 -05:00
Cyb3rWard0g
c6c272c2e6
Updating pipeline
+ added new topic to replace winlogbeat in future updates
+ updated nxlog mordor to test raw events
2020-01-05 17:44:25 -05:00
Cyb3rWard0g
060fdf7a2a
Updated nxlog mordor filter
2020-01-05 02:13:05 -05:00
Cyb3rWard0g
1eb3dfe3c2
Updated Mordor Pipeline
+ separated pipelines
+ main (OSSEM) & Mordor
+ renamed Kafka topic to mordor
- removed unused/forgotten/deprecated/old enrichments
2020-01-04 19:47:38 -05:00
Cyb3rWard0g
b536f48acd
Logstash container docker compose update
2020-01-04 01:28:45 -05:00
Roberto Rodriguez
251870c92c
Merge pull request #391 from neu5ron/master
v0.1.9-alpha01032020
2020-01-03 12:33:39 -05:00
neu5ron
c258054d9e
update build versions
2020-01-03 12:26:55 -05:00
neu5ron
04215320fe
merge mordor nxlog
2020-01-03 12:19:57 -05:00
neu5ron
dc8bce415f
revert testing params
2020-01-03 12:13:26 -05:00
neu5ron
c84ea9a98d
script improvements continued...
2020-01-03 09:24:39 -05:00
neu5ron
72aa8eec6a
ask before continuing after git update
2020-01-03 07:31:51 -05:00
neu5ron
63d7ae91ea
ask before continuing after git update
2020-01-03 07:01:48 -05:00
neu5ron
ebbd962d3d
ask before continuing after git update
2020-01-03 06:53:51 -05:00
neu5ron
59ba7bf110
Merge remote-tracking branch 'origin/master'
# Conflicts:
# docker/helk_update.sh
2020-01-03 06:45:28 -05:00
neu5ron
c6592c81e0
ask before continuing after git update
2020-01-03 06:44:34 -05:00
neu5ron
1a0268aed4
ask before continuing after git update
2020-01-03 06:41:58 -05:00
neu5ron
1850f21ccb
variable the helk update log file
2020-01-03 06:41:44 -05:00
neu5ron
a3db0be9b8
ask before continuing after git update
2020-01-03 06:09:20 -05:00
neu5ron
fba8c24a7a
a variable needed for additions to script
2020-01-03 05:01:07 -05:00
neu5ron
2cf3852187
test
2020-01-03 04:17:49 -05:00