Skip to content
/ belk-threat-hunting Public

This is a 3 days full hands-on workshop on how to build a complete Threat Hunting platform and automate security alert using the BELK stack.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dcodx/belk-threat-hunting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
elastalert
elastalert
 
 
kibana
kibana
 
 
logstash
logstash
 
 
.DS_Store
.DS_Store
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
logo.png
logo.png
 
 

Repository files navigation

Threat Hunting with a BELK stack

What will you learn

  • How to setup a threat hunting platform using the ELK stack
  • How to collect security events from different assets
  • How to analyse them using Kibana
  • How to create automatic rules on security incidents based on the MITRE ATT&CK framework
  • How to alert and get more insights on the issue

What will you need

  • Docker (docker-compose) with 4GB of RAM
  • An account on Slack
  • A Windows VM (we suggest Windows 10)

Run the stack

As we are using docker in this labs, to bring up and running the ELK stack and ElastAlter, you must run

docker-compose build && docker-compose up

from the root directory of the project. If everything ran correctly you should be able to reach:

  • http://localhost:5601 Kibana
  • http://localhost:9200 ElasticSearch
  • http://localhost:3030 ElastAlert

More info: https://1337.dcodx.com/workshops/workshop-threat-hunting-with-belk-stack

About

This is a 3 days full hands-on workshop on how to build a complete Threat Hunting platform and automate security alert using the BELK stack.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages