Elastic for Red Teaming

Overview

Repository of resources for configuring a Red Team SIEM using Elastic

Note: This repository is a companion to a talk given at BSides Pittsburgh 2018.

Directory structure

.
├── ansible
│     └── Ansible playbooks for deploying an Elastic instance and configuring clients to forward the relevant logs 
├── elastalert
│     └── Elastalert example rules and configuration files
├── elastic
│     └── Example static configuration files
└── resources
      └── Resources for related services/technology such as Cobalt Strike

Roadmap

  • Update ELK services to latest version
  • Refine playbooks added to reference repo
  • Evaluate alternatives (e.g. Fluentd vs Logstash, Grafana vs Kibana, Rsyslog vs Beats)