marco-lancini / Docker_offensive_elk

Licence: other
Elasticsearch for Offensive Security

Programming Languages

python

Offensive ELK: Elasticsearch for Offensive Security

Offensive ELK is a custom Elasticsearch setup, aiming to show how traditional “defensive” tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results.

In particular, Elasticsearch offers the chance to aggregate a multitude of disparate data sources, query them with a unified interface, with the aim of extracting actionable knowledge from a huge amount of unclassified data.

A full walkthrough that led me to this setup can be found at: https://www.marcolancini.it/2018/blog-elk-for-nmap/.

Usage

  1. Clone this repository:
❯ git clone https://github.com/marco-lancini/docker_offensive_elk.git
  2. Create the _data folder (if not present) and ensure it is owned by your own user:
❯ cd docker_offensive_elk/
❯ mkdir ./_data/
❯ sudo chown -R <user>:<user> ./_data/
  3. Start the stack using docker-compose:
❯ docker-compose up -d
  4. Give Kibana a few seconds to initialize, then access the Kibana web UI running at: http://localhost:5601. The data you are about to ingest are scan results for your targets, so keep port 5601 reachable only from localhost or a trusted network unless you put authentication in front of it.
  5. Start ingesting your nmap results.
  6. During the first run, create an index pattern.

Ingest Nmap Results

In order to be able to ingest our Nmap scans, we have to output the results as an XML report (-oX); the ingestor parses that XML and sends the resulting documents to Elasticsearch. Once done with the scans, place the reports in the ./_data/nmap/ folder and run the ingestor:

❯ docker-compose run ingestor
Starting elk_elasticsearch ... done
Processing /data/scan_192.168.1.0_24.xml file...
Sending Nmap data to Elasticsearch
Processing /data/scan_192.168.2.0_24.xml file...
Sending Nmap data to Elasticsearch
Processing /data/scan_192.168.3.0_24.xml file...
Sending Nmap data to Elasticsearch
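To make the ingestion step concrete, here is an added example (not the project's own ingestor, whose code is not reproduced on this page) that turns an -oX report into the flat, one-document-per-port records Elasticsearch indexes, with a `time` field that can later be chosen as the Kibana time filter. The XML sample is constructed for the example; the index name `nmap` and the `_bulk` request shape are assumptions, and the action line omits `_type`, which Elasticsearch 6.x still required.

```python
"""Added example: parse an Nmap -oX report into Elasticsearch bulk documents.

Standard library only (Python 3). Not the project's ingestor; the index name
and the bulk request format are assumptions documented inline.
"""
import json
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample, trimmed to the elements the parser reads. Real -oX output
# has the same structure but carries many more attributes and elements.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24" start="1700000000">
  <host starttime="1700000001" endtime="1700000010">
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/>
    <hostnames><hostname name="web01.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https" product="nginx" version="1.24.0"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
  <host starttime="1700000002" endtime="1700000011">
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one flat document per non-closed port of every host that is up.

    `time` is the scan start as ISO 8601 UTC so Elasticsearch maps it as a date
    and Kibana can use it as the time filter. Down hosts and closed ports are
    skipped: they add little to triage and would bloat the index.
    """
    root = ET.fromstring(xml_text)
    scan_time = datetime.fromtimestamp(int(root.get("start", "0")), tz=timezone.utc)
    docs = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = host.findall("address")
        ip = next((a.get("addr") for a in addrs if a.get("addrtype") == "ipv4"), None)
        mac = next((a.get("addr") for a in addrs if a.get("addrtype") == "mac"), None)
        hn = host.find("hostnames/hostname")
        for port in host.findall("ports/port"):
            state_el = port.find("state")
            state = state_el.get("state") if state_el is not None else "unknown"
            if state == "closed":
                continue
            svc = port.find("service")
            docs.append({
                "time": scan_time.isoformat(),
                "ip": ip,
                "mac": mac,
                "hostname": hn.get("name") if hn is not None else None,
                "protocol": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state,
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                "scan_args": root.get("args"),
            })
    return docs


def to_bulk_body(docs, index="nmap"):
    """Render documents as the newline-delimited body the _bulk API expects.

    Assumes Elasticsearch 7+ (no mapping types); on 6.x add "_type" to the
    action line. The index name "nmap" is an assumption chosen to match the
    nmap* pattern created in Kibana.
    """
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline


def send_bulk(body, url="http://localhost:9200/_bulk"):
    """POST the bulk body; assumes Elasticsearch on its default port, no auth."""
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/x-ndjson"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Print the bulk body instead of sending it, so the example runs offline.
    print(to_bulk_body(parse_nmap_xml(SAMPLE_NMAP_XML)))
```

Run it against a real report by replacing `SAMPLE_NMAP_XML` with the contents of a file from ./_data/nmap/ and passing the body to `send_bulk()`; the `time` field it produces is the one to select as the Kibana time filter when creating the nmap* index pattern.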

Create an Index Pattern

  1. Open Kibana in your browser (http://localhost:5601); on a fresh install you are prompted to create an index pattern.

  2. Insert nmap* as the index pattern and press "Next Step".

  3. In the "Time Filter field name" drop-down choose "time", then click on "Create Index Pattern".

  4. If everything goes well you should be presented with a page that lists every field in the nmap* index pattern along with the core type Elasticsearch recorded for it.
