Marc Smeets
**Feature Request** We would want to have Covenant log its actions to a log file so we can work on RedELK integration (https://github.com/outflanknl/RedELK) Covenant currently has some data in its...
You have a hardcoded domain name "lab.com" in the script. You might want to have the user enter it as a parameter, or auto-discover it. Perhaps use `[System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name.ToString()` for...
Bluecheck output should be fully parsed by Logstash, and alarms should be made. Data is sent to a dedicated `bluecheck-*` index - [x] Create logstash filter rule for Bluecheck Certcheck (check...
There are glibc-related issues with some filebeat versions. More info: https://kifarunix.com/how-to-fix-filebeat-glibc-related-errors/ The solution is to upgrade the ELK stack to at least 7.17.2
Support for RedWarden - also tracked there https://github.com/mgeeky/RedWarden/issues/5
The documentation on the wiki should be updated to include: - [x] installation steps for new v2 dockerized setup - [x] Explanation of install-elkserver.sh parameters - [x] How to use...
For record keeping, if we want to fix some logstash warnings: - add `pipeline.ecs_compatibility: v1` to `elkserver/mounts/logstash-config/config/pipelines.yml` to set the ECS version - set `sniffing => false` in `elkserver/mounts/logstash-config/redelk-main/conf.d/99-outputs_logstash.conf` -...
New alarm, sort of a catch-all, when 'RedELK alarm' is written to an implant log or the C2 eventlog. The alarm should include the rest of that specific log line....
Have full support for the Covenant C2 framework (https://github.com/cobbr/Covenant). I will need help from others with understanding the exact way of logging performed by Covenant; I have 0 experience with...
Have full support for the PoshC2 framework (https://github.com/nettitude/PoshC2). I will need help from others with understanding the exact way of logging performed by PoshC2.