Burnham Forensics ELK Deployment Files
zmbf0r3ns1cs Repository Restructure
Merged SSL & Non-SSL directories and added one for optional Logstash filters
Latest commit d59966c Apr 20, 2019
Repository contents (name, latest commit message, commit time):

  • elastalert - ES Rules and Filebeat Output Updated (Apr 6, 2019)
  • images - Update bf+elk.PNG (Mar 31, 2019)
  • logstash - Repository Restructure (Apr 20, 2019)
  • sysmon - Initial Commit (Mar 31, 2019)
  • winlogbeat - Initial Commit (Mar 31, 2019)
  • LICENSE
  • README.md - Update README.md (Mar 31, 2019)


Burnham Forensics ELK Deployment Files

Relevant configuration, filter, and rule files pertaining to installations of ELK used by Burnham Forensics. The contents of this repository are dynamic and are updated continually as new threats emerge and as the Elastic Stack changes.

Contents

The contents of this repository include:

  • Logstash Pipeline Files (SSL & Non-SSL)
  • Microsoft Sysinternals' Sysmon Configuration Files
  • Winlogbeat Configuration Files
  • Generic Elastalert Rules

Credit

This work would not be possible without the work of others. While their work is credited wherever it appears, below is a list of contributors and their respective projects:

Roberto Rodriguez - (@Cyb3rWard0g)

HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files

https://github.com/Cyb3rWard0g/HELK

SwiftOnSecurity

Sysmon-Config - Crowd-sourced Sysmon configuration file template for high-quality event tracing

https://github.com/SwiftOnSecurity/sysmon-config
