RedELK Version 1.0 release notes:
- Support for Apache redirectors
- Support for Cobalt Strike 4.0
- Fixed bug in the user-agent alarm; it now uses the config file as input
- Added example configurations for HAProxy and Apache that show how to set up the logging required for RedELK
- Added example Cobalt Strike Malleable profile that works with the example configs of Apache and HAProxy
- Added RedELKFieldnames.md with detailed info on the field names in RedELK
- ES index haproxytraffic renamed to redirtraffic to better suit the support for Apache (and future redirectors)
- ES field name overhaul to better suit the support for Apache
- Renamed Kibana views, visualisations and dashboards for better usability, i.e. Redirector Traffic, Red Team Operations, CS Downloads, CS Keystrokes, CS IOCs, CS Screenshots and CS Beacons.
- Adjusted Logstash filter rules to support the aforementioned renaming as well as Apache.
- Adjusted enrichment and alarming Python scripts to support the aforementioned renaming.
- Changed alarm script to use redir destination c2* instead of cobaltstrike*
- Minor changes to type definitions of fields, e.g. IPs now stored as IP instead of string.
- Explicit check that quits with an error on non-apt based distributions during installation.
- Redir installation script now checks for the presence of /etc/logrotate.d/haproxy before trying to adjust it.
- Dozens of minor changes