zmbf0r3ns1cs/BF-ELK

Burnham Forensics ELK Deployment Files

Configuration, filter, and rule files used in the ELK (Elastic Stack) installations run by Burnham Forensics. The contents of this repository are not static: they are updated as new threats appear and as the Elastic Stack changes.

Contents

The contents of this repository include:

  • Logstash Pipeline Files (SSL & Non-SSL)
  • Microsoft Sysinternals' Sysmon Configuration Files
  • Winlogbeat Configuration Files
  • Generic Elastalert Rules
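The distinction between the SSL and non-SSL Logstash pipeline files matters more than the list above suggests: without TLS on the Beats input, every Sysmon event ships in cleartext and any host that can reach the port can inject events into the index. The following pipeline is an added illustration of that difference, not a file from this repository or from HELK. The certificate paths, the hostname and the index name are assumptions, and the option names are those of the logstash-input-beats plugin in Logstash 6/7 (Logstash 8 renames `ssl` to `ssl_enabled` and `ssl_verify_mode` to `ssl_client_authentication`).

```conf
# Added example: Beats input for Winlogbeat, shown once without TLS and once with it.
# Only one of the two input blocks should be active in a deployed pipeline.

# --- Non-SSL variant: cleartext on 5044, no client authentication. ---
# Acceptable only on an isolated lab segment; any host that reaches the port
# can read the stream or submit fabricated events.
# input {
#   beats {
#     port => 5044
#   }
# }

# --- SSL variant: TLS on the wire plus mutual authentication. ---
input {
  beats {
    port => 5044
    ssl  => true
    # Server identity presented to Winlogbeat. The key must be an
    # unencrypted PKCS#8 file; the plugin does not accept PKCS#1 keys.
    ssl_certificate => "/etc/logstash/certs/logstash.crt"      # assumed path
    ssl_key         => "/etc/logstash/certs/logstash.pkcs8.key" # assumed path
    # CA that signed the client certificates issued to each Winlogbeat host.
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]  # assumed path
    # "force_peer" rejects any connection that does not present a valid
    # client certificate; "peer" would still accept unauthenticated clients.
    ssl_verify_mode => "force_peer"
  }
}

filter {
  # Keep only Sysmon channel events for this pipeline; other Winlogbeat
  # channels would normally be routed to their own filter files.
  if [winlog][channel] != "Microsoft-Windows-Sysmon/Operational" {
    drop { }
  }
}

output {
  elasticsearch {
    hosts  => ["https://elasticsearch.example.local:9200"]  # assumed host
    index  => "logs-sysmon-%{+YYYY.MM.dd}"                  # assumed index pattern
    ssl    => true
    cacert => "/etc/logstash/certs/ca.crt"                  # assumed path
    user     => "${LOGSTASH_WRITER_USER}"   # read from the Logstash keystore
    password => "${LOGSTASH_WRITER_PASS}"
  }
}
```

The matching Winlogbeat side sets `output.logstash.ssl.certificate_authorities`, `ssl.certificate` and `ssl.key` so that each sensor presents its own client certificate; with `force_peer` on the Logstash side, a Winlogbeat deployed without those settings fails the handshake instead of silently sending cleartext. A quick check that the TLS variant is actually the one loaded is `openssl s_client -connect logstash.example.local:5044`, which should return the Logstash certificate and, without a client certificate, a handshake failure.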

Credit

This work would not be possible without the work of others. Their work is credited where it is used; the contributors and their respective projects are:

Roberto Rodriguez - (@Cyb3rWard0g)

HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files

https://github.com/Cyb3rWard0g/HELK

SwiftOnSecurity

Sysmon-Config - Crowd-sourced Sysmon configuration file template for high-quality event tracing

https://github.com/SwiftOnSecurity/sysmon-config