Relevant configuration, filter, and rule files pertaining to installations of ELK used by Burnham Forensics. The contents of this repository are dynamic: they are updated continually as new threats emerge and as the Elastic Stack changes.
The contents of this repository include:
- Logstash Pipeline Files (SSL & Non-SSL)
- Microsoft Sysinternals' Sysmon Configuration Files
- Winlogbeat Configuration Files
- Generic Elastalert Rules
This work would not be possible without the work of others. Their work is credited where it is used; below is a list of contributors and their respective projects:
https://github.com/Cyb3rWard0g/HELK
https://github.com/SwiftOnSecurity/sysmon-config