  • Stars: 133
  • Rank: 272,600 (Top 6 %)
  • Language: Shell
  • Created almost 5 years ago
  • Updated over 4 years ago


Repository Details

An ELK environment containing interesting security datasets.

ELK Detection Lab

An ELK environment loaded with the following datasets:

Thanks to the authors of the datasets as well as:

Prerequisites

You need at least:

  • a working Docker CE installation with docker-compose
  • 8 GB free disk space
  • 2 GB of RAM for reasonable Elasticsearch performance

Installation

Clone this repository and the dataset submodules with:

git clone --recurse-submodules https://github.com/thomaspatzke/elk-detection-lab.git

Run this command to start the ELK environment and import the datasets:

./elk-detection-lab.sh init

Wait until the document count of all winlogbeat-* and filebeat-* indices has stopped increasing; the import can take several tens of minutes.

Once init has completed, the ELK environment can be started again without re-importing the data:

./elk-detection-lab.sh run
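The README leaves the "wait until the counts stop increasing" step to the reader. As an added example that is not part of elk-detection-lab, the following script polls the Elasticsearch _cat API until the winlogbeat-* and filebeat-* document counts have been unchanged for several consecutive polls. It assumes Elasticsearch answers unauthenticated on http://localhost:9200, which the README does not state; set ES_URL if the lab exposes it elsewhere. The script and environment variable names (RUN_WAIT, INTERVAL, STABLE_ROUNDS) are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of elk-detection-lab: poll Elasticsearch until the
# winlogbeat-* and filebeat-* document counts have stopped growing.
# Assumption: Elasticsearch answers unauthenticated on http://localhost:9200
# (the README does not state the port); override with ES_URL.
ES_URL="${ES_URL:-http://localhost:9200}"
INDICES="winlogbeat-*,filebeat-*"

# One "index docs.count" line per index, sorted so that two snapshots can be
# compared line by line. Fails (instead of returning empty output) when
# Elasticsearch is unreachable.
snapshot() {
  out=$(curl -sf "$ES_URL/_cat/indices/$INDICES?h=index,docs.count") || return 1
  printf '%s\n' "$out" | sort
}

# True when two non-empty snapshots list the same indices with the same counts.
# Pure text comparison, so it can be exercised without a running cluster.
counts_stable() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

# Sum of the docs.count column of a snapshot, for progress output.
total_docs() {
  printf '%s\n' "$1" | awk '{ s += $2 } END { print s + 0 }'
}

# Poll every $1 seconds; succeed once $2 consecutive snapshots are identical,
# give up after $3 polls.
wait_for_import() {
  interval="${1:-60}"; stable_rounds="${2:-3}"; max_rounds="${3:-120}"
  prev=""; stable=0; round=0
  while [ "$round" -lt "$max_rounds" ]; do
    cur=$(snapshot) || { echo "cannot reach $ES_URL" >&2; return 2; }
    if counts_stable "$prev" "$cur"; then
      stable=$((stable + 1))
    else
      stable=0
    fi
    echo "poll $round: $(total_docs "$cur") documents, unchanged for $stable polls"
    [ "$stable" -ge "$stable_rounds" ] && return 0
    prev="$cur"; round=$((round + 1))
    sleep "$interval"
  done
  echo "indices still growing after $max_rounds polls" >&2
  return 1
}

# Run the poller only when asked to, so the functions can also be sourced:
#   ./elk-detection-lab.sh init && RUN_WAIT=1 ./wait-for-import.sh
if [ "${RUN_WAIT:-0}" = "1" ]; then
  wait_for_import "${INTERVAL:-60}" "${STABLE_ROUNDS:-3}"
fi
```

Requiring several identical snapshots in a row, rather than one, avoids declaring the import finished during a pause between Logstash batches; a single unchanged poll at 60 s intervals is not enough evidence on a loaded machine.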

Usage

Open the local Kibana in your browser.

The Windows log data (winlogbeat-* indices) starts in November 2018; field naming follows the Elastic Common Schema (ECS) and Winlogbeat 7 conventions.

The data created from the malware-traffic-analysis.net PCAPs is located in the index filebeat-* and goes back to 2013. Please adjust the Kibana time range accordingly.
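To set the Kibana time range without guessing, the following added example (not the project's own code) asks Elasticsearch for the oldest and newest @timestamp in each index pattern and prints the range to enter in the time picker. It assumes the same unauthenticated http://localhost:9200 endpoint, which the README does not state, and the ECS @timestamp field that the README says the data follows; the RUN_RANGES variable is this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of elk-detection-lab: report the oldest and newest
# @timestamp per index pattern so the Kibana time picker can be set to cover
# the data (filebeat-* reaches back to 2013, winlogbeat-* starts in 2018-11).
# Assumption: Elasticsearch on http://localhost:9200 (not stated in the README).
ES_URL="${ES_URL:-http://localhost:9200}"

# Aggregation-only query: no hits, just min/max of the ECS @timestamp field.
range_query() {
  printf '%s' '{"size":0,"aggs":{"oldest":{"min":{"field":"@timestamp"}},"newest":{"max":{"field":"@timestamp"}}}}'
}

# Extract the two value_as_string fields from a min/max aggregation response.
# Prints "<oldest> <newest>"; returns 1 when either is absent, which is what
# Elasticsearch returns for an index pattern with no documents.
parse_range() {
  oldest=$(printf '%s' "$1" | sed -n 's/.*"oldest":{[^}]*"value_as_string":"\([^"]*\)".*/\1/p')
  newest=$(printf '%s' "$1" | sed -n 's/.*"newest":{[^}]*"value_as_string":"\([^"]*\)".*/\1/p')
  [ -n "$oldest" ] && [ -n "$newest" ] || return 1
  printf '%s %s\n' "$oldest" "$newest"
}

# Query one index pattern (pass it quoted so the shell does not glob it).
data_range() {
  resp=$(curl -sf -H 'Content-Type: application/json' \
         "$ES_URL/$1/_search" --data-binary "$(range_query)") || return 2
  parse_range "$resp"
}

# Only talk to the cluster when asked to, so the parser can be sourced/tested:
#   RUN_RANGES=1 ./data-ranges.sh
if [ "${RUN_RANGES:-0}" = "1" ]; then
  for pattern in 'winlogbeat-*' 'filebeat-*'; do
    if range=$(data_range "$pattern"); then
      echo "$pattern: $range"
    else
      echo "$pattern: no data (or Elasticsearch unreachable)"
    fi
  done
fi
```

The two timestamps are exactly the absolute "from" and "to" values to enter in Kibana; for the filebeat-* data this will start in 2013, well outside the default "last 15 minutes" window.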
