Burnham Forensics ELK Deployment Files
Configuration, filter, and rule files used in the ELK (Elastic Stack) installations run by Burnham Forensics. The contents of this repository change over time: they are updated continually as new threats emerge and as the Elastic Stack itself is updated.
Contents
The contents of this repository include:
- Logstash Pipeline Files (SSL & Non-SSL)
- Microsoft Sysinternals' Sysmon Configuration Files
- Winlogbeat Configuration Files
- Generic Elastalert Rules
Credit
This work would not be possible without the work of others. Their work is credited wherever it is used; the contributors and their respective projects are listed below:
Roberto Rodriguez - (@Cyb3rWard0g)
HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files
https://github.com/Cyb3rWard0g/HELK