The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.
- Provide an open source hunting platform to the community and share the basics of Threat Hunting.
- Expedite the time it takes to deploy a hunt platform.
- Improve the testing and development of hunting use cases in an easier and more affordable way.
- Enable Data Science capabilities while analyzing data via Apache Spark, GraphFrames & Jupyter Notebooks.
The project is currently in an alpha stage, which means that the code and the functionality are still changing. We haven't yet tested the system with large data sources and in many scenarios. We invite you to try it and welcome any feedback.
- Welcome to HELK! : Enabling Advanced Analytics Capabilities
- Spark Standalone Mode
- Setting up a Pentesting.. I mean, a Threat Hunting Lab - Part 5
- An Integrated API for Mixing Graph and Relational Queries
- Graph queries in Spark SQL
- Graphframes Overview
- Elastic Products
- Elastic Subscriptions
- Elasticsearch Guide
- spujadas elk-docker
- deviantony docker-elk
- Nate Guagenti @neu5ron