Roberto Rodriguez

Results 214 comments of Roberto Rodriguez

Hello @priamai! There is this test in here: https://github.com/Cyb3rWard0g/HELK/blob/master/docker/helk-logstash/scripts/logstash-entrypoint.sh#L57, but we do not have a unit test process yet. I will mark this as a feature requested. Thank you for...

Hey @Koploseus , I was working on a way to make it easier for anyone to just replace the pipeline, but I have not got it yet. I will work...

Hello @aniketpant1 , the rules are created automatically from SIGMA to elastalert. I do not know if it can be added when the rule is translated. I believe that would...

We are working on helk-elastalert still. There are some pending commits to improve that docker container. Failing at the moment. Thank you for your patience.

Hey @nugnugrawk! We are currently working on updating helk-elastalert to handle sigma rules for HELK.

Hey @nugnugrawk! Sigma can be used directly in the Kibana interface if you translate the sigma rule to the right syntax. We use helk-elastalert to automate the execution of...

You can use https://uncoder.io/ to do the translation

One issue with that, of course, is that the translation uses ECS standardization. Make sure you use the right field names with HELK.

Hey @neu5ron, I believe you worked on the last scripts for the SIGMA Elastalert entrypoint. Do you have some ideas for this issue? I will go over the script one more...

I have not tested HELK with that type of setup. I assume it has to do with Kibana needing to be configured also to handle the client certificate and...