Commit Graph

512 Commits (a47075594dcea923692825d3c81706409cd5e836)

Author SHA1 Message Date
neu5ron 161f64cecd show user location to track output 2020-01-03 04:14:57 -05:00
neu5ron 4370a567f6 use variable for log location 2020-01-03 03:57:25 -05:00
neu5ron 21ecb210dc revert to NON testing sigma repo 2020-01-03 03:25:36 -05:00
neu5ron f8bab24839 Merge remote-tracking branch 'origin/master' 2020-01-03 03:22:50 -05:00
neu5ron 55cb06eb88 longer option for IP choice 2020-01-03 03:22:33 -05:00
neu5ron 6f64a1eb6e longer option for IP choice 2020-01-03 03:12:05 -05:00
neu5ron b03720379e add prompts for custom password and custom kafka IP 2020-01-03 03:09:55 -05:00
neu5ron 70034ef539 add note to create custom passwords and to save them for the future when they need them! 2020-01-03 02:41:41 -05:00
neu5ron 49ba0aff00 7.5.1 2020-01-01 16:07:17 -05:00
neu5ron eb6ed5c6b5 Merge branch 'pull/338'
# Conflicts:
#	docker/helk_update.sh
2020-01-01 16:03:12 -05:00
neu5ron 2269dce8b0 test new sigma via my repo 2019-12-31 18:22:18 -05:00
neu5ron f33797744f separate OS, scripts, software, and other updates from logstash configs, schema, dashboards, kql queries, elasticsearch indexes from 2019-12-30 15:05:04 -05:00
Nate Guagenti 6a0c544eea
Update Custom.md
add winlogbeat version to issue template
2019-12-18 08:44:08 -05:00
Cyb3rWard0g 7b297e65da Enabled Mordor Ingestion via NXLog 2019-12-03 02:03:23 -05:00
Cyb3rWard0g 75da37ac92 quick fixes
fix https://github.com/Cyb3rWard0g/HELK/issues/382
fix https://github.com/Cyb3rWard0g/HELK/issues/377
2019-11-27 02:30:57 -05:00
Nate Guagenti 1894ebd1c2
Merge pull request #378 from Cyb3rWard0g/issue-template
update issue template
2019-11-13 15:36:53 -05:00
Nate Guagenti 5f41d379b8
update issue template 2019-11-13 15:32:25 -05:00
Roberto Rodriguez ca242ec8a6
Update Custom.md 2019-11-13 10:51:40 -08:00
Nate Guagenti 9a90e05f73
Merge pull request #373 from Cyb3rWard0g/hotfixes-20191107
hotfix 20191107
2019-11-07 08:13:24 -05:00
neu5ron 8e59630f8d pipeline hotfix, double "{" 2019-11-07 08:11:36 -05:00
Nate Guagenti 038f692d66
Merge pull request #371 from mwilson32900/windows-channel-names
change channel values
2019-11-03 15:42:22 -05:00
mwilson32900 fab68b16f3 change channel values 2019-10-29 21:28:14 -04:00
Cyb3rWard0g e990fd21a0 Update helk_install.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/313
2019-10-09 00:37:30 -04:00
Nate Guagenti 2cf253e5de
Merge pull request #356 from Cyb3rWard0g/winlogbeat-configs
winlogbeat configuration example
2019-10-05 17:05:58 -04:00
neu5ron c40d72f909 winlogbeat configuration example 2019-10-05 17:04:47 -04:00
Cyb3rWard0g 530b6ca847 SilkService Pipeline & Kibana Index Update
+ Create Index automatically
+ Removed nested host
+ updated silketw logstash filter extension
2019-10-03 00:48:10 -04:00
Cyb3rWard0g a81fc35b1a Cleaning Repo
+ Updated README (initial update)
+ Removed unused files and folders
2019-10-02 21:50:28 -04:00
Cyb3rWard0g eadc7aa810 Delete helk_sysmon_wevtutil.yml
fix https://github.com/Cyb3rWard0g/HELK/issues/345
2019-10-02 21:31:17 -04:00
Cyb3rWard0g a4d3a39a28 Updating ETW configs
- Updated Logstash Index name
- created index pattern automatically
2019-09-30 22:17:13 -05:00
Cyb3rWard0g 8a4a9c6b6b THS2019 Additions
- SilkETW basic configs
2019-09-30 21:31:15 -05:00
Nate Guagenti 0958c980f0
Merge pull request #347 from Cyb3rWard0g/hotfixes-pipeline
add handling winlog.user_data
2019-09-26 12:13:15 -04:00
neu5ron b888a4abfc handle winlog.user_data 2019-09-26 12:11:25 -04:00
neu5ron bca1f570ac add support to handle winlog.user_data nested field 2019-09-26 12:05:31 -04:00
Nate Guagenti c183411601
Merge pull request #346 from Cyb3rWard0g/hotfixes-pipeline
geo fields despite schema
2019-09-26 11:50:31 -04:00
neu5ron 44a2c6b499 keep all geo fields despite taxonomy, for continuity if upstream (NON HELK) changes are made 2019-09-26 11:49:07 -04:00
Roberto Rodriguez c6bad06478
Merge pull request #343 from Cyb3rWard0g/catchall
windows catchall, before ALL catchall
2019-09-21 23:34:57 -04:00
neu5ron 91c73b02bf windows catchall, before ALL catchall 2019-09-21 23:28:51 -04:00
Dev Dua 5437f55f05 Updated helk_update.sh 2019-09-16 12:58:19 +05:30
Nate Guagenti 1b4b44a83e
Merge pull request #334 from Cyb3rWard0g/temp-sigma-fixes
encoding fix and elastalert mapping
2019-09-11 11:03:25 -05:00
Nate Guagenti 3113a243b9
elastalert mapping 2019-09-11 11:00:39 -05:00
Nate Guagenti 479a650bb9
encoding and escaping fix 2019-09-11 10:56:08 -05:00
Nate Guagenti 3ded2f6673
use default GC 2019-09-11 09:29:33 -05:00
Nate Guagenti d567aed3a9
Merge pull request #331 from Cyb3rWard0g/temp-sigma-fixes
correct OSSEM <> SIGMAC ordering
2019-09-11 09:19:53 -05:00
Nate Guagenti e02d135bb3
correct OSSEM <> SIGMAC ordering 2019-09-11 09:14:34 -05:00
Roberto Rodriguez 8280d98a72
Merge pull request #330 from Cyb3rWard0g/temporary-elastalert-hotfix
Temporary elastalert hotfix
2019-09-11 09:06:33 -04:00
Nate Guagenti 5e9b3ff987
Update Dockerfile 2019-09-10 08:47:11 -04:00
Nate Guagenti 79a5379da3
Update helk-kibana-notebook-analysis-alert-trial.yml 2019-09-10 08:40:00 -04:00
Nate Guagenti a78742bf4a
Update helk-kibana-notebook-analysis-alert-basic.yml 2019-09-10 08:39:21 -04:00
Nate Guagenti 2688a646c8
Update helk-kibana-analysis-alert-trial.yml 2019-09-10 08:38:32 -04:00
Nate Guagenti 15e05216fa
Update helk-kibana-analysis-alert-basic.yml 2019-09-10 08:37:09 -04:00