Support for Sliver C2

Open hypnoticpattern opened this issue 3 years ago • 3 comments

Add support for ingesting Sliver logs into RedELK. The Audit Logs are in nested-JSON format designed to be primarily machine readable.

hypnoticpattern Jan 12 '22 18:01

Thanks for bringing this to our attention. We are limited in time so I don't see us picking this up in the very near future. Happy to help you though with questions if you decide to start with this yourself!

There is a walkthrough on adding a new C2 framework to RedELK on the wiki: https://github.com/outflanknl/RedELK/wiki/Red-team-tooling-support#adding-support-for-other-c2-frameworks

MarcOverIP Jan 13 '22 08:01

Has there been any progress on this? Was curious about leveraging this as a part of a red vs blue exercise since Sliver is the more popular tooling for the event.

runesage Aug 06 '23 13:08

Dev is ongoing and tracked in #267

MarcOverIP Sep 11 '23 20:09