infosecn1nja/HELK - HELK

Commit Graph

Author	SHA1	Message	Date
Roberto Rodriguez	c43eaa08e3	HELK 6.2.3 - 032218 Docker-Compose file + Updated Image versions ++ helk-elk:6.2.3 ++ helk-kafka:1.0.1 ++ helk-analytics:0.0.2 HELK-ANALYTICS + Upgraded spark to version 2.3.0 ++ Check release notes: https://spark.apache.org/releases/spark-release-2-3-0.html + Upgraded Jupyter Lab to 0.31.12 + Downgraded Tornado to version 4.* This is due to an error in dependencies happening in version 5.0 with python 3. + Upgraded ES-Hadoop package to version 6.2.3 ++ Check release notes: https://www.elastic.co/guide/en/elasticsearch/hadoop/6.2/eshadoop-6.2.3.html HELK-ELK + Upgraded elastic components to 6.2.3 ++ Check elasticsearch release notes: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/release-notes-6.2.3.html ++ No changes for Kibana ++ Check Logstash release notes: https://www.elastic.co/guide/en/logstash/6.2/logstash-6-2-3.html + Logstash kafka input now adds metadata from kafka. Topic name, etc. + Fingerprint plugin in logstash config 09-all-filter.con is applied to only events with the message field. + logstash config 11-winevent-sysmon-filter.conf ++ removed field "user". This was causing issues when parsing events with Spark. HELK-KAFKA + Upgraded Kafka to version 2.11-1.0.1 ++ Check kafka release notes: https://www.apache.org/dist/kafka/1.0.1/RELEASE_NOTES.html + Removed sleep time for kafka init file + updated kafka entrypoint updating version values HELK helk_install main script + Fixed docker & docker-compose installation steps. This fixes issue https://github.com/Cyb3rWard0g/HELK/issues/33 HELK Winlogbeat install script + Updated beat version to 6.2.3	2018-03-22 03:32:21 -04:00
Roberto Rodriguez	979310193b	Create start-winlogbeat.ps1 first draft	2017-12-04 12:14:12 -08:00

Author

SHA1

Message

Date

Roberto Rodriguez

c43eaa08e3

HELK 6.2.3 - 032218

Docker-Compose file
+ Updated Image versions
++ helk-elk:6.2.3
++ helk-kafka:1.0.1
++ helk-analytics:0.0.2

HELK-ANALYTICS
+ Upgraded spark to version 2.3.0
++ Check release notes: https://spark.apache.org/releases/spark-release-2-3-0.html
+ Upgraded Jupyter Lab to 0.31.12
+ Downgraded Tornado to version 4.* This is due to an error in dependencies happening in version 5.0 with python 3.
+ Upgraded ES-Hadoop package to version 6.2.3
++ Check release notes:
https://www.elastic.co/guide/en/elasticsearch/hadoop/6.2/eshadoop-6.2.3.html

HELK-ELK
+ Upgraded elastic components to 6.2.3
++ Check elasticsearch release notes:
https://www.elastic.co/guide/en/elasticsearch/reference/6.2/release-notes-6.2.3.html
++ No changes for Kibana
++ Check Logstash release notes:
https://www.elastic.co/guide/en/logstash/6.2/logstash-6-2-3.html
+ Logstash kafka input now adds metadata from kafka. Topic name, etc.
+ Fingerprint plugin in logstash config 09-all-filter.con is applied to only events with the message field.
+ logstash config 11-winevent-sysmon-filter.conf
++ removed field "user". This was causing issues when parsing events with Spark.

HELK-KAFKA
+ Upgraded Kafka to version 2.11-1.0.1
++ Check kafka release notes:
https://www.apache.org/dist/kafka/1.0.1/RELEASE_NOTES.html
+ Removed sleep time for kafka init file
+ updated kafka entrypoint updating version values

HELK helk_install main script
+ Fixed docker & docker-compose installation steps. This fixes issue https://github.com/Cyb3rWard0g/HELK/issues/33

HELK Winlogbeat install script
+ Updated beat version to 6.2.3

2018-03-22 03:32:21 -04:00

Roberto Rodriguez

979310193b

Create start-winlogbeat.ps1

first draft

2017-12-04 12:14:12 -08:00

2 Commits (bd7df68b59a50e2876312436841121ae04892b93)