Nate Guagenti
Nate Guagenti
First off, this is a genius project! Great use of Elastic ELK. * 1) I should be able to send you something to set the default kibana index once I...
Use this checklist to track logstash wiki and documentation - [x] Update https://github.com/Cyb3rWard0g/HELK/wiki/Create-Plugins-Offline-Package - [x] Update HELK overview picture - [x] remove alien vault integration - [x] update with new...
#### Winlogbeat - [ ] incorrect usage of wef forwarder name, sometimes gets fixed sometimes regress, so keeping open. because still confusion of host vs hostname vs event hostname. -...
list of items to include/add/update for Wiki - [ ] additional log info for Kibana (apart from docker logs follow) `docker exec -it helk-kibana tail -f config/kibana_logs.log` - [ ]...
#### In OSSEM but not HELK - [x] Security:4964 - [x] Security:4626 - [x] Security:4664 - [x] Security:4688 naming - [x] Security:4696 - [x] Audit User Account Management - [x]...
make sure, though, that custom formatting like url templates or display of integers and such are kept
ability via, rocknsm config yml, a bool (True|False) to enable only suricata eve log alerts and have everything else disabled.. essentially turning suricata into an IDS only. maybe in /etc/rocknsm/config.yml...
similar to https://github.com/rocknsm/rock/issues/336 but option to turn on payload capture for eve alert via /etc/rocknsm/config.yml that would set following in /etc/suricata/suricata.yml ``` # params that would be set if payload...
right now, logstash jvm heap gets set to 1GB min by 1GB max. Recommend some logic to set the min&max based upon the available memory or some other logic. reference...
Just tracking and so I don’t forget: - network payload/pcap - email entity - geo. include longitude, latitude, location, rack unit, etc - organization. name and uid