The Hunting ELK
Roberto Rodriguez 7486cd94f7 updated Logstash install script with powershell filter 2017-07-03 16:32:00 -04:00
elasticsearch Update elasticsearch.yml 2017-06-07 01:41:31 -04:00
kibana final updates disabling xpack 2017-06-07 01:48:59 -04:00
logstash PowerShell Logstash filter 2017-07-03 16:26:10 -04:00
nginx updated scripts & docker-compose to integrate stable nginx config 2017-06-08 00:54:25 -04:00
scripts updated Logstash install script with powershell filter 2017-07-03 16:32:00 -04:00
winlogbeat PowerShell Logstash filter 2017-07-03 16:26:10 -04:00
LICENSE Initial commit 2017-03-14 15:14:50 -04:00
README.md Update README.md 2017-06-29 11:21:59 -04:00
docker-compose.yml updated scripts & docker-compose to integrate stable nginx config 2017-06-08 00:54:25 -04:00

README.md

HELK [Beta]

The incredible HELK (Hunting, Elasticsearch, Logstash, Kibana) VM.

Goals

  • Provide a free hunting platform to the community and share the basics of Threat Hunting.
  • Make sense of a large amount of event logs and add more context to suspicious events during hunting.
  • Expedite the time it takes to deploy an ELK stack.
  • Improve the testing of hunting use cases in an easier and more affordable way.

Resources

Getting Started

Requirements

  • OS: Ubuntu-16.04.2 Server amd64 (Tested)
  • Network Connection: NAT or Bridge
  • RAM: 4GB (minimum)
  • Applications:
    • Docker & Docker-compose (Needed for HELK Docker Installation ONLY)

Installing Docker & Docker-compose

If you decide to build, (re)create, start and attach the specific containers needed for the HELK services (Elasticsearch, Logstash & Kibana), you will have to install Docker and Docker-compose first.

git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK/scripts
sudo ./helk_docker_install.sh

HELK Installation

The HELK can be installed via a bash script or a docker-compose file. After installing the HELK, browse to your HELK (host) IP address and log on with username:helk & password:hunting. These are shared default credentials; change them before the host is reachable from anything other than your lab network.

Bash Script

sudo git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK/scripts
sudo ./helk_install.sh

Docker-compose

sudo git clone https://github.com/Cyb3rWard0g/HELK.git
cd HELK
sudo docker-compose up
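Once either install path finishes, it is worth confirming that the stack is actually up and that the front end still enforces a login. The script below is an added example, not part of the HELK project: it assumes nginx fronts Kibana on port 80 with HTTP basic auth using the README's default helk/hunting pair, and that Elasticsearch answers on port 9200 of the same host. Neither port is documented by the README, so both are assumptions you may need to adjust.

```python
"""Post-install check for a HELK host (added example, not HELK project code).

Assumptions (not documented by the README):
  * nginx on port 80 fronts Kibana and enforces HTTP basic auth
  * the README's default credentials are helk / hunting
  * Elasticsearch listens on port 9200 of the same host
"""
import base64
import json
import sys
import urllib.error
import urllib.request

DEFAULT_USER = "helk"
DEFAULT_PASS = "hunting"
FRONTEND_PORT = 80      # assumed nginx port
ES_PORT = 9200          # assumed Elasticsearch port


def basic_auth_header(user, password):
    """Build the value of an HTTP Basic Authorization header."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def http_get(url, auth=None, timeout=5):
    """GET a URL; return (status_code, body) or (None, '') if unreachable."""
    req = urllib.request.Request(url)
    if auth:
        req.add_header("Authorization", basic_auth_header(*auth))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode(errors="replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def assess_frontend(status_anon, status_default):
    """Classify the front end from two probes: anonymous, then default creds.

    'unreachable'   - nothing answered on the assumed port
    'no-auth'       - an anonymous request was not challenged with 401
    'default-creds' - helk/hunting is still accepted; change the password
    'ok'            - auth is enforced and the default pair is rejected
    """
    if status_anon is None:
        return "unreachable"
    if status_anon != 401:
        return "no-auth"
    if status_default in (200, 302):
        return "default-creds"
    return "ok"


def cluster_status(body):
    """Return the colour from an Elasticsearch _cluster/health JSON body."""
    try:
        return json.loads(body).get("status", "unknown")
    except (ValueError, AttributeError):
        return "unknown"


def check_host(host):
    """Run both probes against a live host and return a summary dict."""
    front = f"http://{host}:{FRONTEND_PORT}/"
    anon, _ = http_get(front)
    with_default, _ = http_get(front, auth=(DEFAULT_USER, DEFAULT_PASS))
    _, es_body = http_get(f"http://{host}:{ES_PORT}/_cluster/health")
    return {
        "frontend": assess_frontend(anon, with_default),
        "elasticsearch": cluster_status(es_body),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, verdict in check_host(target).items():
        print(f"{name}: {verdict}")
```

Run it as `python3 helk_check.py <HELK host IP>`; a `frontend: default-creds` result means the README's login pair still works and should be replaced before the host is exposed, and anything other than `elasticsearch: green` or `yellow` means the data tier is not ready for Winlogbeat to start shipping events.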

Author

Contributors

Contributing

There are a few things that I would like to accomplish with the HELK as shown in the To-Do list below, but I would also love to make the HELK a stable build for everyone in the community. If you are interested in making this build a more robust one and adding some cool features to it, PLEASE feel free to submit a pull request. #SharingIsCaring

To-Do

  • Integrate NGINX in the Docker image
  • Upload Kibana Dashboards
  • Add Winlogbeat scripts & files
  • Add/Ingest samples logs to the HELK
  • Install Elastalert
  • Create Elastalert rules

More coming soon...