DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk

DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...

LinuxCatScale - Incident Response Collection And Processing Scripts With Automated Reporting Scripts

Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based hosts. The data aims to help DFIR professionals triage and scope incidents. An Elk Stack instance also is configured to consume the output and assist the analysis process. Usage This script...

tsharkVM - Tshark + ELK Analytics Virtual Machine

This project builds virtual machine which can be used for analytics of tshark -T ek ndjson output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps tshark -T ek output /...

Bughound - Static Code Analysis Tool Based On Elasticsearch

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...

Dsiem - Security Event Correlation Engine For ELK Stack

Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...

HELK - The Hunting ELK

The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed...

RedHunt OS - Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-17.10.1...

HELK: one with the advanced analysis capabilities of vulnerability discovery platform-vulnerability warning-the black bar safety net

Today to introduce to you is a guy named HELK a tool, it is a superior analytical capability of Hunting ELK（Elasticsearch, Logstash, Kibana is. ! Target 1. To the security community to provide a free vulnerability Hunting platform, and shared some basic security threats and vulnerability discover...

Multi-Honeypot Platform: T-Pot

Multi-Honeypot Platform T-Pot is based on Ubuntu Server 16.10 LTS. The honeypot daemons as well as other support components being used have been paravirtualized using docker . This allowed developers to run multiple honeypot daemons on the same network interface without problems and make the enti...

HoneyDrive 3 - The Premier Honeypot Linux Distro

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance OVA with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction...

Honeypot Linux Distro: HoneyDrive

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance OVA with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction...