Commit Graph

429 Commits (d4c9f7f9d172b99eed53d7347d9bb84936f67563)

Author SHA1 Message Date
neu5ron d4c9f7f9d1 some notes 2019-09-23 21:18:30 -04:00
neu5ron 350f19dfe7 elasticsearch templates 2019-09-23 21:16:59 -04:00
neu5ron 791cdc0c46 repo location where staged sigmac backend modified 2019-09-23 20:57:32 -04:00
neu5ron 03152606d7 stage for configs for when using keyword as default and .text as subfield 2019-09-23 20:51:22 -04:00
neu5ron 91c73b02bf windows catchall, before ALL catchall 2019-09-21 23:28:51 -04:00
Nate Guagenti 1b4b44a83e
Merge pull request #334 from Cyb3rWard0g/temp-sigma-fixes
encoding fix and elastalert mapping
2019-09-11 11:03:25 -05:00
Nate Guagenti 3113a243b9
elastalert mapping 2019-09-11 11:00:39 -05:00
Nate Guagenti 479a650bb9
encoding and escaping fix 2019-09-11 10:56:08 -05:00
Nate Guagenti 3ded2f6673
use default GC 2019-09-11 09:29:33 -05:00
Nate Guagenti d567aed3a9
Merge pull request #331 from Cyb3rWard0g/temp-sigma-fixes
correct OSSEM <> SIGMAC ordering
2019-09-11 09:19:53 -05:00
Nate Guagenti e02d135bb3
correct OSSEM <> SIGMAC ordering 2019-09-11 09:14:34 -05:00
Roberto Rodriguez 8280d98a72
Merge pull request #330 from Cyb3rWard0g/temporary-elastalert-hotfix
Temporary elastalert hotfix
2019-09-11 09:06:33 -04:00
Nate Guagenti 5e9b3ff987
Update Dockerfile 2019-09-10 08:47:11 -04:00
Nate Guagenti 79a5379da3
Update helk-kibana-notebook-analysis-alert-trial.yml 2019-09-10 08:40:00 -04:00
Nate Guagenti a78742bf4a
Update helk-kibana-notebook-analysis-alert-basic.yml 2019-09-10 08:39:21 -04:00
Nate Guagenti 2688a646c8
Update helk-kibana-analysis-alert-trial.yml 2019-09-10 08:38:32 -04:00
Nate Guagenti 15e05216fa
Update helk-kibana-analysis-alert-basic.yml 2019-09-10 08:37:09 -04:00
Nate Guagenti 37da1251ff
authoring-correction 2019-09-09 01:08:56 -04:00
Nate Guagenti 8b544b5508
Merge pull request #323 from Cyb3rWard0g/temp-sigma-fixes
temporary-hotfix20190401
2019-09-04 12:07:51 -04:00
Nate Guagenti 6b366c8f95
temporary-hotfix20190401
- correctly sets query for rules not matching an index pattern
- fix Process typo
- correction
- dst_is_ipv6 isn't used anymore and sysmon DestinationIsIpv6 is kept
2019-09-04 12:03:00 -04:00
cyb3rward0g 10190018f5 Hotfix Jupyter
https://github.com/Cyb3rWard0g/HELK/issues/315
2019-08-25 13:39:42 -04:00
cyb3rward0g 9b817f9260 Update helk_remove_containers.sh
removing specific images.
2019-08-24 06:51:47 -04:00
cyb3rward0g 3a9b3a0718 Hot Fix 20190824
Fix https://github.com/Cyb3rWard0g/HELK/issues/316
2019-08-24 06:41:26 -04:00
Nate Guagenti 5e1a3eb53e
hotfix-2019-08-20 v001
typo ip type and rfc
2019-08-20 14:06:35 -04:00
Roberto Rodriguez ad834bd778
Merge pull request #308 from Cyb3rWard0g/pipelining
Fix #186 and Fix #271
2019-08-14 12:01:33 -04:00
Roberto Rodriguez 18b9b08c0f
Merge pull request #288 from freeload101/patch-1
Update helk_install.sh
2019-07-10 11:59:16 -04:00
Roberto Rodriguez 4242672c4a
Merge pull request #299 from itsnotapt/sysmon_10_changes
[Feature Request] Added Sysmon 10 new fields and DNSEvent type.
2019-07-10 11:58:12 -04:00
itsnotapt 5466908ba4
DnsQuery not DnsEvent 2019-07-10 12:55:39 +01:00
Carl Rutherford 04fcc6f118 Added Sysmon 10 new fields and DNSEvent type. 2019-07-10 11:45:48 +01:00
Roberto Rodriguez d10231195d Jupyter Updates
+ Updated notebooks connection to ES
+ Updated Jupyter Image
2019-07-07 19:58:44 -04:00
Roberto Rodriguez a177a8b165 Update helk_install.sh
fix https://github.com/Cyb3rWard0g/HELK/issues/298
2019-07-07 16:57:49 -04:00
neu5ron 8088efa28b track & install latest docker compose. #186 2019-07-07 00:41:30 -04:00
neu5ron 2cdc233a27 process_granted_access as decimal. fixes #271 2019-07-06 21:17:32 -04:00
neu5ron e463c7d554 track & install latest docker compose. fixed #186 2019-07-06 21:16:30 -04:00
Roberto Rodriguez 0da53d1626
Merge pull request #292 from Cyb3rWard0g/pipelining
pipeline fixes and enhancements
2019-06-24 11:12:51 -04:00
neu5ron e23f8ee6b6 mapping for process_target_id. fixes #290 2019-06-23 22:30:06 -04:00
neu5ron dc7634f454 make the field for sysmon_version a float with sub field of keyword 2019-06-23 22:29:12 -04:00
neu5ron 9a2812fa43 ScheduledTask user normalization and task name change addition; think this got missed somehow, thinking we had it done in the scheduled task XML field parser from 2512 2019-06-23 22:21:19 -04:00
neu5ron 74b7a8b2db clean "blank" AuthenticationPackageName and PackageName fields 2019-06-23 22:18:01 -04:00
neu5ron 8ff875f070 fix for winlogbeat param field conflicts. 2019-06-23 22:10:43 -04:00
operat0r 753581bac8
Update helk_install.sh
Also found a bug in this script but can't sort out what the hell this awk line is doing?

AVAILABLE_DOCKER_DISK=$(df -m $(docker info --format '{{.DockerRootDir}}') | awk '$1 ~ /\//{printf "%.f", $4 / 1024}')

It needs to pull 999999 when overlay is mounted but still work with /dev/sda etc.

overlay 4444444 4444444 999999 9%  /
2019-06-18 13:29:35 -04:00
Roberto Rodriguez 7f9c11eb3d
Merge pull request #286 from Cyb3rWard0g/dev
Update kibana-entrypoint.sh
2019-06-15 14:24:40 -04:00
Roberto Rodriguez e10601a424 Update kibana-entrypoint.sh
Removed ES call timeout in Kibana entrypoint
2019-06-15 14:24:11 -04:00
Roberto Rodriguez 591186ce6e
Merge pull request #285 from Cyb3rWard0g/dev
Update kibana-entrypoint.sh
2019-06-14 10:56:19 -04:00
Roberto Rodriguez 690db58c46 Update kibana-entrypoint.sh 2019-06-14 10:55:26 -04:00
Roberto Rodriguez 7bd459ad98
Merge pull request #284 from Cyb3rWard0g/pipelining
scheduled task and PS
2019-06-13 14:53:13 -04:00
neu5ron 7bd0ee7ee2 Merge branch 'master' of https://github.com/Cyb3rWard0g/HELK into pipelining 2019-06-13 14:42:24 -04:00
neu5ron f58f75300c better whitespace support 2019-06-13 14:42:04 -04:00
neu5ron 349fec620f fixes original field naming issue for xml parsing scheduled task. also, better whitespace support 2019-06-13 14:39:27 -04:00
Roberto Rodriguez 1cb4265895
Merge pull request #280 from Cyb3rWard0g/dev
Logstash Pipeline and ES Memory
2019-06-10 22:56:33 -04:00