Burnham Forensics ELK Deployment Files
Latest commit: d59966c by zmbf0r3ns1cs, Apr 20, 2019 - "Repository Restructure"
Merged SSL & Non-SSL directories and added one for optional Logstash filters

Repository contents (name - latest commit message - commit time):

  • elastalert - ES Rules and Filebeat Output Updated - Apr 6, 2019
  • images - Update bf+elk.PNG - Mar 31, 2019
  • logstash - Repository Restructure - Apr 20, 2019
  • sysmon - Initial Commit - Mar 31, 2019
  • winlogbeat - Initial Commit - Mar 31, 2019
  • LICENSE - Update - Mar 31, 2019



Relevant configuration, filter, and rule files for the ELK installations used by Burnham Forensics. The contents of this repository are dynamic: they are updated continually in response to new threats and to Elastic Stack releases.


The contents of this repository include:

  • Logstash Pipeline Files (SSL & Non-SSL)
  • Microsoft Sysinternals' Sysmon Configuration Files
  • Winlogbeat Configuration Files
  • Generic Elastalert Rules


This work would not be possible without the work of others. Their work is credited wherever it appears; below is a list of contributors and their respective projects:

Roberto Rodriguez (@Cyb3rWard0g)
  • HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files

Sysmon-Config - Crowd-sourced Sysmon configuration file template for high-quality event tracing
