outflanknl/RedELK v2.0.0-beta.4

on GitHub

Version 2.0.0 BETA4

• Many bug fixes
• Migrated background enrichment and alarm scripts to new modular setup
• Added support for Cobalt Strike 4.2 and 4.3
• Added sample data ingestor when running in dev mode
• Made sure Kibana searches Red Team Operations and Redirector Traffic are presented on top of list
• Included an ES password import for Jupyter notebooks
• Maximized the logging of docker logs
• Migrated to official Neo4j container instead of old BloodHound container
• Updated the RedELK Kibana app to include management of IP lists inside Kibana

What's new?

• Updates release notes for v2 beta4 @MarcOverIP (#168)
• Fix es fields @fastlorenzo (#169)
• Fixed rsync @fastlorenzo (#166)
• Fix logging @fastlorenzo (#165)
• Revert neo4j changes @fastlorenzo (#164)
• Updated neo4j container + added behind Nginx @fastlorenzo (#162)
• Nginx full config optional (via installer) @fastlorenzo (#152)
• Revert "Moved to neo4j official docker to fix #159" @MarcOverIP (#161)
• Moved to neo4j official docker to fix #159 @fastlorenzo (#160)
• Added possibility to set remote base path to get logs from @fastlorenzo (#154)
• Fixed Kibana dashboard links @fastlorenzo (#156)
• Added option to set docker max log size @fastlorenzo (#157)
• Fixed date parsing for HAProxy @fastlorenzo (#147)
• Migrate enrich.py to modular system @fastlorenzo (#117)
• yolo script for resetting index to RW @xychix (#145)
• Fix certbot-nginx-ssl issues and improved installer script @MarcOverIP (#128)
• Update filebeat_cobaltstrike.yml @ceramic-skate0 (#136)
• Update getremotelogs.sh to accept custom a SSH port @yamakadi (#135)
• Issue #41 item 4 added an alarm, patched a few others @xychix (#118)
• Refreshed index patterns @fastlorenzo (#121)
• Updated templates for bluecheck, email and credentials @MarcOverIP (#123)
• logstash email index fields renaming @MarcOverIP (#122)
• Fixed missing logger initialisation @fastlorenzo (#120)
• Added localhost as valid hostname @fastlorenzo (#119)
• Updated helper script @fastlorenzo (#116)
• Template updates regarding CS4.2 and other tuning @MarcOverIP (#115)
• Randomize Neo4j password at install @fastlorenzo (#99)
• Added dry-run mode @fastlorenzo (#100)
• [dev] Add sample data ingestor @fastlorenzo (#82)
• Upgrade to Elastic 7.10 @fastlorenzo (#112)
• Fix search with free text @fastlorenzo (#113)
• Fix for dev and non-existent domain @fastlorenzo (#111)
• Added TLS support for nginx @fastlorenzo (#79)
• Cobalt Strike 4.2 support @MarcOverIP (#110)
• BUGFIX: installer bash syntax error @xychix (#107)