cvandeplas/ELK-forensics cvandeplas/ELK-forensics

  • This repository has been archived on 06/Dec/2023
  • Stars
    star
    179
  • Rank 214,039 (Top 5 %)
  • Language
    Python
  • License
    GNU Affero Genera...
  • Created over 10 years ago
  • Updated over 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
cvandeplas/ELK-forensics
github

cvandeplas

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)

ELK-forensics

-- Note: This repository is not maintained anymore. --

ELK configuration files for Forensic Analysts and Incident Handlers.

For more information, screenshots and HOWTO's read:

How to use

 apt-get install git-core
 git clone https://github.com/cvandeplas/ELK-forensics

That will create a directory - ELK-forensics - holding the configuration files.

  • Open your Kibana web interface
  • Right upper corner, Load -> Advanced -> Browse
  • Load the desired json template(s)
  • Copy the .conf file to your /etc/logstash/conf.d directory
  • Restart the logstash service
  • Feed your logs

Make sure you also look at the documentation provided in the .conf files.

Do not hesitate to contribute ! All feedback is appreciated !

Thanks Christophe

License

More Repositories

1

pystemon

Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon
Python
334
star
2

suricata_stats

Statistics parsing for suricata
Python
17
star
3

inet_scripts

Various small internet / website related scripts
Python
3
star
4

plaso

Python
2
star
5

EBus_Bulex

Decoding of the Bulex EBUS implementation
Python
2
star