Skip to content

Repository of resources for configuring a Red Team SIEM using Elastic

License

Notifications You must be signed in to change notification settings

SecurityRiskAdvisors/RedTeamSIEM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Elastic for Red Teaming

Overview

Repository of resources for configuring a Red Team SIEM using Elastic

Note: This repository is a companion to a talk given at BSides Pittsburgh 2018.

Directory structure

.
├── ansible
│     └── Ansible playbooks for deploying an Elastic instance and configuring clients to forward the relevant logs 
├── elastalert
│     └── Elastalert example rules and configuration files
├── elastic
│     └── Example static configuration files
└── resources
      └── Resources for related services/technology such as Cobalt Strike

Roadmap

  • Update ELK services to latest version
  • Refine playbooks added to reference repo
  • Evaluate alternatives (e.g. Fluentd vs Logstash, Grafana vs Kibana, Rsyslog vs Beats)

About

Repository of resources for configuring a Red Team SIEM using Elastic

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages