├── .env
├── case_data
    └── .gitignore
├── chainsaw
    └── Dockerfile
├── config
    ├── filebeat.yml
    ├── kibana.yml
    └── logstash.yml
├── createindices.sh
├── dashboards
    └── dashboards.ndjson
├── docker-compose-dashboards.yml
├── docker-compose-scans.yml
├── docker-compose.yml
├── elasticsearch
    ├── .DS_Store
    └── data
    │   └── .gitignore
├── filebeat
    ├── apache
    │   └── .gitignore
    ├── apacheerr
    │   └── .gitignore
    ├── iis
    │   └── .gitignore
    ├── iiserr
    │   └── .gitignore
    ├── nginx
    │   └── .gitignore
    └── nginxerr
    │   └── .gitignore
├── hayabusa
    └── Dockerfile
├── images
    ├── dashboards.png
    ├── docker_compose_conf.png
    ├── running_dfir_thing.png
    └── thedfirthinglogo.png
├── import.sh
├── logstash
    ├── .DS_Store
    ├── confs
    │   ├── .DS_Store
    │   ├── any_json.conf
    │   ├── chainsawjson.conf
    │   └── hayabusajson.conf
    ├── dlq
    │   └── .gitignore
    ├── ingest
    │   ├── .DS_Store
    │   ├── chainsaw_json
    │   │   └── .gitignore
    │   ├── hayabusa_json
    │   │   └── .gitignore
    │   ├── random_json
    │   │   └── .gitignore
    │   └── regipy_json
    │   │   └── .gitignore
    └── sincedb
    │   └── .gitignore
├── readme.md
└── regipy
    ├── parse_registry.py
    └── requirements.txt


/.env:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/.env


--------------------------------------------------------------------------------
/case_data/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/case_data/.gitignore


--------------------------------------------------------------------------------
/chainsaw/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/chainsaw/Dockerfile


--------------------------------------------------------------------------------
/config/filebeat.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/config/filebeat.yml


--------------------------------------------------------------------------------
/config/kibana.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/config/kibana.yml


--------------------------------------------------------------------------------
/config/logstash.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/config/logstash.yml


--------------------------------------------------------------------------------
/createindices.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/createindices.sh


--------------------------------------------------------------------------------
/dashboards/dashboards.ndjson:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/dashboards/dashboards.ndjson


--------------------------------------------------------------------------------
/docker-compose-dashboards.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/docker-compose-dashboards.yml


--------------------------------------------------------------------------------
/docker-compose-scans.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/docker-compose-scans.yml


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/docker-compose.yml


--------------------------------------------------------------------------------
/elasticsearch/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/elasticsearch/.DS_Store


--------------------------------------------------------------------------------
/elasticsearch/data/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/elasticsearch/data/.gitignore


--------------------------------------------------------------------------------
/filebeat/apache/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/apache/.gitignore


--------------------------------------------------------------------------------
/filebeat/apacheerr/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/apacheerr/.gitignore


--------------------------------------------------------------------------------
/filebeat/iis/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/iis/.gitignore


--------------------------------------------------------------------------------
/filebeat/iiserr/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/iiserr/.gitignore


--------------------------------------------------------------------------------
/filebeat/nginx/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/nginx/.gitignore


--------------------------------------------------------------------------------
/filebeat/nginxerr/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/filebeat/nginxerr/.gitignore


--------------------------------------------------------------------------------
/hayabusa/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/hayabusa/Dockerfile


--------------------------------------------------------------------------------
/images/dashboards.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/images/dashboards.png


--------------------------------------------------------------------------------
/images/docker_compose_conf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/images/docker_compose_conf.png


--------------------------------------------------------------------------------
/images/running_dfir_thing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/images/running_dfir_thing.png


--------------------------------------------------------------------------------
/images/thedfirthinglogo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/images/thedfirthinglogo.png


--------------------------------------------------------------------------------
/import.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/import.sh


--------------------------------------------------------------------------------
/logstash/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/.DS_Store


--------------------------------------------------------------------------------
/logstash/confs/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/confs/.DS_Store


--------------------------------------------------------------------------------
/logstash/confs/any_json.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/confs/any_json.conf


--------------------------------------------------------------------------------
/logstash/confs/chainsawjson.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/confs/chainsawjson.conf


--------------------------------------------------------------------------------
/logstash/confs/hayabusajson.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/confs/hayabusajson.conf


--------------------------------------------------------------------------------
/logstash/dlq/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/dlq/.gitignore


--------------------------------------------------------------------------------
/logstash/ingest/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/ingest/.DS_Store


--------------------------------------------------------------------------------
/logstash/ingest/chainsaw_json/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/ingest/chainsaw_json/.gitignore


--------------------------------------------------------------------------------
/logstash/ingest/hayabusa_json/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/ingest/hayabusa_json/.gitignore


--------------------------------------------------------------------------------
/logstash/ingest/random_json/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/ingest/random_json/.gitignore


--------------------------------------------------------------------------------
/logstash/ingest/regipy_json/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/ingest/regipy_json/.gitignore


--------------------------------------------------------------------------------
/logstash/sincedb/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/logstash/sincedb/.gitignore


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/readme.md


--------------------------------------------------------------------------------
/regipy/parse_registry.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JouniMi/TheDFIRThing/HEAD/regipy/parse_registry.py


--------------------------------------------------------------------------------
/regipy/requirements.txt:
--------------------------------------------------------------------------------
1 | regipy[full]


--------------------------------------------------------------------------------