HELK-JUPYTER
+ Miniconda3 to handle python packages
+ Python 3.7
+ Container not running as root
+ new entrypoint and cmd scripts
+ postgres not running as root and under the same container
+ Spark Jar and Python dependencies provided offline (not downloading from maven directly - Sometimes this fails)
+ Jupyter PySpark kernel using conda to run ipykernel module
+ PYSPARK_PYTHON Python 3.7
HELK-LOGSTASH
+ Fix https://github.com/Cyb3rWard0g/HELK/issues/217
helk-logstash
+ Added offline plugins file
+ Updated win security conversion
+ cleaned process-name filter & process-name-split configs
+ cleaned process-id filter & proces-id conversion configs
+ set kafka max poll records to 500
+ updated SOURCE_ & TARGET_ field names from process entity to be renamed process_source_ and process_target. Following the basic `entity_context_property` from OSSEM CIM
helk-Jupyter
+ Deleted several notebooks that were repeating code and exercises
+ Consolidated notebooks to show the basics of python, pandas, Spark SQL, Pyspark and Graphframes
+ Updated pip libraries
helk-logstash
+ removed 999 pipeline output config since it was affecting logstash start
+ added z_originial_message condition when fingerprinting events. That helps for when I want to replicate events that have been already parsed by helk-logstash
#175
- drastically reduce minimum requirements
- update docker-ce
- automatically choose option 1 if not enough computer for option 2, warns user as well
- spacing & newline cleanup
- a bit better variabling for echo'ing messages/info
- an additional systctl vm.max_map_count modification for really large deployments
helk ELK
Updated to version 6.5.4
helk-logstash
fix https://github.com/Cyb3rWard0g/HELK/issues/156
+ Pipeline Updated
++ More security events
++ Reduced regex complexity to split process paths to process names
++ Enabled Kafka output again for Win Security and Win Sysmon logs
++ Added more win security conversion events
helk-elastalert
fix https://github.com/Cyb3rWard0g/HELK/issues/157
fix https://github.com/Cyb3rWard0g/HELK/issues/159
ELK:
+ Consolidated ELK scripts to one per container instead of trial and basic
helk-sigma
+ Updated own fork
helk-jupyter
+ Updated Elastic ES-Hadoop to 6.5.4
helk-jupyter
+ jupyterlab-manager widgets
+ Updated pandas 0.24.0
+ Updated altair 2.3.0
neu5ron
Nate Guagenti
Roberto Rodriguez
Aaron Jewitt
Aaron Jewitt
aaron
nicholasaleks
Dev Dua