BF-ELK

Category: collect
Development tool: Others
File size: 0KB
Downloads: 0
Upload date: 2019-04-20 04:48:19
Uploader: sh-1993
Description: Burnham Forensics ELK Deployment Files

File list:
LICENSE (35149, 2019-04-19)
elastalert/ (0, 2019-04-19)
elastalert/globalconfig.txt (324, 2019-04-19)
elastalert/rules/ (0, 2019-04-19)
elastalert/rules/nginx_failed_logon.yml (781, 2019-04-19)
elastalert/rules/suspicious_recon_activity.yml (934, 2019-04-19)
** (713, 2019-04-19)
images/ (0, 2019-04-19)
images/bf+elk.PNG (39021, 2019-04-19)
logstash/ (0, 2019-04-19)
logstash/conf.d/ (0, 2019-04-19)
logstash/conf.d/0004-beats-input.conf (206, 2019-04-19)
logstash/conf.d/0098-all-filter.conf (396, 2019-04-19)
logstash/conf.d/0099-all-fingerprint-hash-filter.conf (2500, 2019-04-19)
logstash/conf.d/1010-winevent-winlogbeats-filter.conf (1272, 2019-04-19)
logstash/conf.d/1500-winevent-cleanup-no-dashes-only-values-filter.conf (3447, 2019-04-19)
logstash/conf.d/1521-winevent-conversions-ip-conversions-basic-filter.conf (8544, 2019-04-19)
logstash/conf.d/1522-winevent-cleanup-lowercasing-windows-filter.conf (4897, 2019-04-19)
logstash/conf.d/1523-winevent-process-name-filter.conf (1907, 2019-04-19)
logstash/conf.d/1524-winevent-process-ids-filter.conf (2496, 2019-04-19)
logstash/conf.d/1531-winevent-sysmon-filter.conf (7165, 2019-04-19)
logstash/conf.d/1532-winevent-security-filter.conf (35048, 2019-04-19)
logstash/conf.d/1533-winevent-system-filter.conf (1280, 2019-04-19)
logstash/conf.d/1534-winevent-application-filter.conf (567, 2019-04-19)
logstash/conf.d/1535-winevent-wmiactivity-filter.conf (11105, 2019-04-19)
logstash/conf.d/1536-filebeat-system-module-filter.conf (3556, 2019-04-19)
logstash/conf.d/1537-filebeat-nginx-module-filter.conf (2039, 2019-04-19)
logstash/conf.d/1541-winevent-process-name-split.conf (1532, 2019-04-19)
logstash/conf.d/1542-winevent-process-ids-conversions.conf (1176, 2019-04-19)
logstash/conf.d/1543-winevent-user-ids-conversions.conf (472, 2019-04-19)
logstash/conf.d/1544-winevent-cleanup-other.conf (1762, 2019-04-19)
logstash/conf.d/1545-winevent-security-conversions.conf (17306, 2019-04-19)
logstash/conf.d/2511-winevent-powershell-filter.conf (9866, 2019-04-19)
logstash/conf.d/2512-winevent-security-schtasks-filter.conf (2223, 2019-04-19)
logstash/conf.d/8012-dst-ip-cleanups-filter.conf (5317, 2019-04-19)
logstash/conf.d/8013-src-ip-cleanups-filter.conf (5317, 2019-04-19)
logstash/conf.d/8014-dst-nat-ip-cleanups-filter.conf (5349, 2019-04-19)
logstash/conf.d/8015-src-nat-ip-cleanups-filter.conf (5349, 2019-04-19)
logstash/conf.d/8112-dst-ip-filter.conf (6667, 2019-04-19)
... ...

![Screenshot](https://github.com/images/bf+elk.PNG)

### Burnham Forensics ELK Deployment Files

Relevant configuration, filter, and rule files pertaining to installations of ELK used by Burnham Forensics. The contents of this repository are dynamic, constantly updated with respect to new threats and Elastic Stack updates.

## Contents

The contents of this repository include:

- Logstash Pipeline Files (SSL & Non-SSL)
- Microsoft Sysinternals' Sysmon Configuration Files
- Winlogbeat Configuration Files
- Generic Elastalert Rules

## Credit

This work would not be possible without the work of others. While their work is credited where seen, below is a list of contributors and their respective projects:

### Roberto Rodriguez - (@Cyb3rWard0g)

#### HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files

https://github.com/Cyb3rWard0g/HELK

### SwiftOnSecurity

#### Sysmon-Config - Crowd-sourced Sysmon configuration file template for high-quality event tracing

https://github.com/SwiftOnSecurity/sysmon-config
