Awesome

Burnham Forensics ELK Deployment Files

Relevant configuration, filter, and rule files pertaining to installations of ELK used by Burnham Forensics. The contents of this repository are dynamic; constantly updated with respect to new threats and Elastic Stack updates.

Contents

The contents of this repository include:

• Logstash Pipeline Files (SSL & Non-SSL)
• Microsoft Sysinternals' Sysmon Configuration Files
• Winlogbeat Configuration Files
• Generic Elastalert Rules

Credit

This work would not be possible without the work of others. While their work is credited where seen, below is a list of contributors and their respective projects:

Roberto Rodriguez - (@Cyb3rWard0g)

HELK Project - Logstash and Winlogbeat Configuration/Pipeline Files

https://github.com/Cyb3rWard0g/HELK

SwiftOnSecurity

Sysmon-Config - Crowd-sourced Sysmon configuration file template for high-quality event tracing

https://github.com/SwiftOnSecurity/sysmon-config