infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
HELK/scripts
History
Roberto Rodriguez 931d56729f HELK-07122018 
License: GPL-3.0 Update
++ Updated all the local documents
++ Docker images in Dockerhub in progreess

Docker-Compose
++ Created two options: basic and trial

ELK Stack Docker Files
++ Created Trial Folders to make sure the configurations are set properly for when the user selects trial version of HELK.
++++ HELK trial = x-pack + trial license + security enabled
++ Deprecating the HELKs Platinum's Branch. Merging that branch with the HELKs master to allow user to select the type of license during the install process.

Jupyter
++ Getting ready for Jupyterhub
++ Created two folders: basic and trial to allow elasticsearch interaciton with username and password hardcoded in the spark session. trial license requires any interaction with elasticsearch to be authenticated.

Kibana
++ Added trial folder with scripts that set up security configs for the trial version of HELK. It creates users and roles to test the security features of x-pack

Logstash
++ Created trial folder with another pipeline folder in it. The pipeline in trial has output configs with elasticsearch's username and password hardcoded. Ready for when the user sets the build with trial license and wants to send logs to elasticsearch. The logstash configs are the same as the ones from the defailt pipeline. They only have username and password configs on all the output configs.

Nginx
++ set trial folder with the right config to allow Kibana handle the authentication process when user builds and installs HELK with a trial license. No need for nginx to handle the authentication.

helk_install bash script
++ Updated script to handle license choice : basic or trial
++ basic license is selected by default. If user selects trial, it runs the specific docker-compose file needed to build and install HELK with the right trial configs.
++ Updated also the CLI options. User now will have to specify the license for HELK. Example: sudo ./helk_install.sh -i 192.168.64.131 -l basic
 		2018-07-12 00:29:09 -04:00
..
export_attack.py HELK-07122018 2018-07-12 00:29:09 -04:00
helk_docker_edge_install.sh HELK-07122018 2018-07-12 00:29:09 -04:00
start-winlogbeat.ps1 HELK 6.2.3 - 032218 2018-03-22 03:32:21 -04:00