HELK
The Hunting ELK
Hi there, I believe your colleague Miriam has an interesting project called EventList from Microsoft Security Baselines that can be used to enrich the Windows event logs directly in Kafka....
Hi there, I haven't seen anything in the project which involves replaying winlogbeat events to make sure the events are correctly enriched and processed in ES. This will also help...
#### Describe the problem I am using the current latest build of HELK and have enabled TLS for my ES. For Elastalert to use the TLS ES, I would need...
Hi, I have installed HELK with Docker and elastalert_status_status significantly increased to almost 4GB in size. Elastalert_status_error shows me connection errors, but manually from the Docker container the host is accessible and the port...
I have set up Zeek running on the host where HELK is running. The Zeek logs are being populated as JSON under /opt/bro/logs/current/, no issues there. root@helk:~# tail -1 /opt/bro/logs/current/conn.log {"ts":1608507941.199201,"uid":"CqhHBC4FK0Z49tBwF5","id.orig_h":"x.x.x.x","id.orig_p":49773,"id.resp_h":"y.y.y.y","id.resp_p":53,"proto":"udp","service":"dns","duration":0.0004978179931640625,"orig_bytes":31,"resp_bytes":106,"conn_state":"SF","local_orig":true,"local_resp":true,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":59,"resp_pkts":1,"resp_ip_bytes":134} I...
#### Describe the problem I've installed HELK with the provided documentation from here: https://thehelk.com/installation.html using option 2 in the install dialog with no known or seen error during that....
No logs show in elastalert, why? After installation I go to Kibana and it shows this problem. Thank you.
Hey, I installed everything (option 4) and I want to connect my Zeek logs to HELK now, which I tried to do with the manual from kibana/tutorial/zeekLogs; the problem is...
#### Describe the problem Errors encountered during initial helk-elastalert (docker) execution #### Provide the output of the following commands Get operating system and version for linux (except Mac) use: `cat...
Hi, I am trying to build HELK with an Elastic cluster with TLS enabled to use the basic license in production mode. I rebuilt the compose file and I can get...