ELK configuration files for Forensic Analysts and Incident Handlers
Latest commit 5ac7bf4 Feb 18, 2016 @cvandeplas Merge pull request #4 from remg427/patch-1
Update plaso.l2tcsv.conf


ELK-forensics

ELK configuration files for Forensic Analysts and Incident Handlers.

For more information, screenshots and HOWTOs read:

How to use

 apt-get install git-core
 git clone https://github.com/cvandeplas/ELK-forensics

That creates a directory, ELK-forensics, holding the configuration files.

  • Open your Kibana web interface
  • Right upper corner, Load -> Advanced -> Browse
  • Load the desired json template(s)
  • Copy the .conf file to your /etc/logstash/conf.d directory
  • Restart the logstash service
  • Feed your logs

Make sure you also look at the documentation provided in the .conf files.
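The steps above can be scripted so that the .conf files are staged into conf.d, the file-input paths each pipeline expects are listed (that is where you "feed your logs"), and logstash is only restarted after its configuration check passes. The script below is an added example, not part of the ELK-forensics repository; REPO_DIR, LOGSTASH_CONFD and LOGSTASH_BIN are assumed names that you set for your own installation, and the logstash `-t` config-test flag is the one used by the 1.x/2.x releases of that era.

```shell
#!/bin/sh
# Added example, not code from the ELK-forensics repository.
# Stages the repo's .conf files into logstash's conf.d, shows which log
# paths each file reads from, and restarts logstash only if the merged
# configuration passes a syntax check.
# Assumed, hypothetical names: REPO_DIR, LOGSTASH_CONFD, LOGSTASH_BIN.

# Copy every *.conf from $1 into $2 and print how many were copied.
install_confs() {
  src="$1"; dst="$2"
  mkdir -p "$dst"
  n=0
  for f in "$src"/*.conf; do
    [ -f "$f" ] || continue
    cp "$f" "$dst/"
    n=$((n + 1))
  done
  echo "$n"
}

# Print the path => "..." values found in one .conf file, one per line,
# so the analyst can see where that pipeline expects its input files.
conf_input_paths() {
  sed -n 's/.*path[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Validate the merged configuration before touching the running service.
# Returns logstash's exit status (0 = OK). "-t" is the config-test flag of
# logstash 1.x/2.x; newer releases use --config.test_and_exit instead.
check_config() {
  "$LOGSTASH_BIN" -t -f "$1"
}

main() {
  REPO_DIR="${REPO_DIR:-$HOME/ELK-forensics}"
  LOGSTASH_CONFD="${LOGSTASH_CONFD:-/etc/logstash/conf.d}"
  LOGSTASH_BIN="${LOGSTASH_BIN:-/opt/logstash/bin/logstash}"

  copied=$(install_confs "$REPO_DIR" "$LOGSTASH_CONFD")
  echo "copied $copied .conf file(s) to $LOGSTASH_CONFD"
  for f in "$LOGSTASH_CONFD"/*.conf; do
    echo "== $f reads from:"
    conf_input_paths "$f"
  done
  if check_config "$LOGSTASH_CONFD"; then
    service logstash restart
  else
    echo "config check failed; logstash was not restarted" >&2
    return 1
  fi
}

# Run main only when RUN_MAIN=1 is set, so the functions can also be sourced.
if [ "${RUN_MAIN:-0}" = "1" ]; then
  main "$@"
fi
```

Run it as `RUN_MAIN=1 REPO_DIR=/path/to/ELK-forensics sh install_confs.sh`. Listing the input paths before restarting matters in practice: the shipped .conf files read from fixed directories, and a pipeline that silently watches an empty path looks identical in Kibana to one whose parser is broken.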

Do not hesitate to contribute! All feedback is appreciated!

Thanks, Christophe

License