├── License.md ├── dashboards ├── all-kibana.json ├── kibana-network.json └── password-dump-analysis.json ├── documentation ├── 01-basics.html ├── 01-basics.md ├── 02-setup.html ├── 02-setup.md ├── 03-backup-es.html ├── 03-backup-es.md ├── 04-alerting-and-dashboards.html ├── 04-alerting-and-dashboards.md ├── 05-ansible-playbook.html ├── 05-ansible-playbook.md ├── 06-security-testing.html ├── 06-security-testing.md ├── 07-general-best-practices-checklist.html ├── 07-general-best-practices-checklist.md ├── 08-exercise.html ├── 08-exercise.md ├── 09-q-and-a-end.html ├── 09-q-and-a-end.md ├── extras │ ├── alternative-options.html │ ├── alternative-options.md │ ├── elasticsearch-config-checklist.html │ └── elasticsearch-config-checklist.md ├── images │ ├── ELK_basic_setup.png │ ├── apacheregex.png │ ├── appsecco.png │ ├── beats_def.png │ ├── elasticsearch-head-plugin.png │ ├── elasticsearch-hq-plugin.png │ ├── elasticsearch_def.png │ ├── elk_overall.png │ ├── es-c-1.png │ ├── es-c-2.png │ ├── es-c-3.png │ ├── es-c-4.png │ ├── es-c-5.png │ ├── es-c-6.png │ ├── itinfra.png │ ├── k-1.png │ ├── k-10.png │ ├── k-11.png │ ├── k-2.png │ ├── k-3.png │ ├── k-4.png │ ├── k-5.png │ ├── k-6.png │ ├── k-7.png │ ├── k-8.png │ ├── k-9.png │ ├── kibana-attack-dashboard.png │ ├── kibana-ssh-dashboard.png │ ├── kibana-web-dashboard.png │ ├── kibana_def.png │ ├── logstash.png │ ├── logstash_def.png │ ├── monitor.png │ ├── network-dashboard.png │ ├── ninja.png │ ├── ourstructure.pdn │ ├── ourstructure.png │ ├── pentest │ │ ├── BasicAuthOverHTTP-2.png │ │ ├── BasicAuthOverHTTP.png │ │ ├── httpAuth.png │ │ ├── hydrapasscrack.png │ │ ├── hydrasshpasscrack.png │ │ ├── kibana_verbose_error.png │ │ ├── nmapscan.png │ │ └── serviceenum.png │ ├── pwd-analysis.png │ └── setup │ │ ├── hostsfile_win.png │ │ ├── vbox_import_ova.png │ │ └── vbox_import_ova_change_disk_location.png ├── references.html ├── references.md ├── start.html └── start.md ├── elk-ansible-playbook ├── group_vars │ └── all ├── inventory.ini ├── main.yml ├── readme.md └── roles │ ├── common │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── certificates.yml │ │ ├── main.yml │ │ └── nginx.yml │ └── templates │ │ └── nginxdefault.j2 │ ├── elasticsearch │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── curator.yml │ │ ├── esconfig.yml │ │ ├── install.yml │ │ ├── main.yml │ │ └── plugins.yml │ └── templates │ │ ├── curator_snapshot.sh.j2 │ │ └── elasticsearch.yml.j2 │ ├── kibana │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── kibanaconfig.yml │ │ ├── kibanainstall.yml │ │ └── main.yml │ └── templates │ │ └── kibanaconfig.j2 │ └── logstash │ ├── handlers │ └── main.yml │ ├── tasks │ ├── logstashconfig.yml │ ├── logstashinstall.yml │ └── main.yml │ └── templates │ ├── 02-beats-input.conf │ ├── 10-sshlog-filter.conf │ ├── 11-weblog-filter.conf │ ├── 30-elasticsearch-output.conf │ └── filebeat.yml ├── logstash-configs ├── ddos.conf ├── filebeat-web-ssh-logstash-config │ ├── 02-beats-input.conf │ ├── 10-sshlog-filter.conf │ ├── 11-weblog-filter.conf │ └── 30-elasticsearch-output.conf ├── network.conf ├── pwd-dump.conf ├── ssh-log.conf └── web-log.conf ├── readme.md └── vm-content ├── configs ├── filebeat.yml ├── network.conf ├── ssh-log.conf └── web-log.conf ├── dashboards ├── all-kibana.json └── kibana-network.json ├── exercise ├── custom ├── elasticsearch-template.json ├── kibana-network.json └── network.conf └── log-samples ├── access.log ├── ddos.log ├── filebeat.tar.gz └── network.log /License.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/License.md -------------------------------------------------------------------------------- /dashboards/all-kibana.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/dashboards/all-kibana.json -------------------------------------------------------------------------------- /dashboards/kibana-network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/dashboards/kibana-network.json -------------------------------------------------------------------------------- /dashboards/password-dump-analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/dashboards/password-dump-analysis.json -------------------------------------------------------------------------------- /documentation/01-basics.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/01-basics.html -------------------------------------------------------------------------------- /documentation/01-basics.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/01-basics.md -------------------------------------------------------------------------------- /documentation/02-setup.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/02-setup.html -------------------------------------------------------------------------------- /documentation/02-setup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/02-setup.md -------------------------------------------------------------------------------- /documentation/03-backup-es.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/03-backup-es.html -------------------------------------------------------------------------------- /documentation/03-backup-es.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/03-backup-es.md -------------------------------------------------------------------------------- /documentation/04-alerting-and-dashboards.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/04-alerting-and-dashboards.html -------------------------------------------------------------------------------- /documentation/04-alerting-and-dashboards.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/04-alerting-and-dashboards.md -------------------------------------------------------------------------------- /documentation/05-ansible-playbook.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/05-ansible-playbook.html -------------------------------------------------------------------------------- /documentation/05-ansible-playbook.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/05-ansible-playbook.md -------------------------------------------------------------------------------- /documentation/06-security-testing.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/06-security-testing.html -------------------------------------------------------------------------------- /documentation/06-security-testing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/06-security-testing.md -------------------------------------------------------------------------------- /documentation/07-general-best-practices-checklist.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/07-general-best-practices-checklist.html -------------------------------------------------------------------------------- /documentation/07-general-best-practices-checklist.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/07-general-best-practices-checklist.md -------------------------------------------------------------------------------- /documentation/08-exercise.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/08-exercise.html -------------------------------------------------------------------------------- /documentation/08-exercise.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/08-exercise.md -------------------------------------------------------------------------------- /documentation/09-q-and-a-end.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/09-q-and-a-end.html -------------------------------------------------------------------------------- /documentation/09-q-and-a-end.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/09-q-and-a-end.md -------------------------------------------------------------------------------- /documentation/extras/alternative-options.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/extras/alternative-options.html -------------------------------------------------------------------------------- /documentation/extras/alternative-options.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/extras/alternative-options.md -------------------------------------------------------------------------------- /documentation/extras/elasticsearch-config-checklist.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/extras/elasticsearch-config-checklist.html -------------------------------------------------------------------------------- /documentation/extras/elasticsearch-config-checklist.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/extras/elasticsearch-config-checklist.md -------------------------------------------------------------------------------- /documentation/images/ELK_basic_setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/ELK_basic_setup.png -------------------------------------------------------------------------------- /documentation/images/apacheregex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/apacheregex.png -------------------------------------------------------------------------------- /documentation/images/appsecco.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/appsecco.png -------------------------------------------------------------------------------- /documentation/images/beats_def.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/beats_def.png -------------------------------------------------------------------------------- /documentation/images/elasticsearch-head-plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/elasticsearch-head-plugin.png -------------------------------------------------------------------------------- /documentation/images/elasticsearch-hq-plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/elasticsearch-hq-plugin.png -------------------------------------------------------------------------------- /documentation/images/elasticsearch_def.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/elasticsearch_def.png -------------------------------------------------------------------------------- /documentation/images/elk_overall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/elk_overall.png -------------------------------------------------------------------------------- /documentation/images/es-c-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-1.png -------------------------------------------------------------------------------- /documentation/images/es-c-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-2.png -------------------------------------------------------------------------------- /documentation/images/es-c-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-3.png -------------------------------------------------------------------------------- /documentation/images/es-c-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-4.png -------------------------------------------------------------------------------- /documentation/images/es-c-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-5.png -------------------------------------------------------------------------------- /documentation/images/es-c-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/es-c-6.png -------------------------------------------------------------------------------- /documentation/images/itinfra.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/itinfra.png -------------------------------------------------------------------------------- /documentation/images/k-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-1.png -------------------------------------------------------------------------------- /documentation/images/k-10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-10.png -------------------------------------------------------------------------------- /documentation/images/k-11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-11.png -------------------------------------------------------------------------------- /documentation/images/k-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-2.png -------------------------------------------------------------------------------- /documentation/images/k-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-3.png -------------------------------------------------------------------------------- /documentation/images/k-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-4.png -------------------------------------------------------------------------------- /documentation/images/k-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-5.png -------------------------------------------------------------------------------- /documentation/images/k-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-6.png -------------------------------------------------------------------------------- /documentation/images/k-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-7.png -------------------------------------------------------------------------------- /documentation/images/k-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-8.png -------------------------------------------------------------------------------- /documentation/images/k-9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/k-9.png -------------------------------------------------------------------------------- /documentation/images/kibana-attack-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/kibana-attack-dashboard.png -------------------------------------------------------------------------------- /documentation/images/kibana-ssh-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/kibana-ssh-dashboard.png -------------------------------------------------------------------------------- /documentation/images/kibana-web-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/kibana-web-dashboard.png -------------------------------------------------------------------------------- /documentation/images/kibana_def.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/kibana_def.png -------------------------------------------------------------------------------- /documentation/images/logstash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/logstash.png -------------------------------------------------------------------------------- /documentation/images/logstash_def.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/logstash_def.png -------------------------------------------------------------------------------- /documentation/images/monitor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/monitor.png -------------------------------------------------------------------------------- /documentation/images/network-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/network-dashboard.png -------------------------------------------------------------------------------- /documentation/images/ninja.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/ninja.png -------------------------------------------------------------------------------- /documentation/images/ourstructure.pdn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/ourstructure.pdn -------------------------------------------------------------------------------- /documentation/images/ourstructure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/ourstructure.png -------------------------------------------------------------------------------- /documentation/images/pentest/BasicAuthOverHTTP-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/BasicAuthOverHTTP-2.png -------------------------------------------------------------------------------- /documentation/images/pentest/BasicAuthOverHTTP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/BasicAuthOverHTTP.png -------------------------------------------------------------------------------- /documentation/images/pentest/httpAuth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/httpAuth.png -------------------------------------------------------------------------------- /documentation/images/pentest/hydrapasscrack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/hydrapasscrack.png -------------------------------------------------------------------------------- /documentation/images/pentest/hydrasshpasscrack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/hydrasshpasscrack.png -------------------------------------------------------------------------------- /documentation/images/pentest/kibana_verbose_error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/kibana_verbose_error.png -------------------------------------------------------------------------------- /documentation/images/pentest/nmapscan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/nmapscan.png -------------------------------------------------------------------------------- /documentation/images/pentest/serviceenum.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pentest/serviceenum.png -------------------------------------------------------------------------------- /documentation/images/pwd-analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/pwd-analysis.png -------------------------------------------------------------------------------- /documentation/images/setup/hostsfile_win.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/setup/hostsfile_win.png -------------------------------------------------------------------------------- /documentation/images/setup/vbox_import_ova.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/setup/vbox_import_ova.png -------------------------------------------------------------------------------- /documentation/images/setup/vbox_import_ova_change_disk_location.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/images/setup/vbox_import_ova_change_disk_location.png -------------------------------------------------------------------------------- /documentation/references.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/references.html -------------------------------------------------------------------------------- /documentation/references.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/references.md -------------------------------------------------------------------------------- /documentation/start.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/documentation/start.html -------------------------------------------------------------------------------- /documentation/start.md: -------------------------------------------------------------------------------- 1 | ### [Welcome](01-basics.md) -------------------------------------------------------------------------------- /elk-ansible-playbook/group_vars/all: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/group_vars/all -------------------------------------------------------------------------------- /elk-ansible-playbook/inventory.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/inventory.ini -------------------------------------------------------------------------------- /elk-ansible-playbook/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/readme.md -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/common/handlers/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/common/tasks/certificates.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/common/tasks/certificates.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/common/tasks/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/common/tasks/nginx.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/common/tasks/nginx.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/common/templates/nginxdefault.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/common/templates/nginxdefault.j2 -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/defaults/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/handlers/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/tasks/curator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/tasks/curator.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/tasks/esconfig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/tasks/esconfig.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/tasks/install.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/tasks/install.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/tasks/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/tasks/plugins.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/tasks/plugins.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/templates/curator_snapshot.sh.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/templates/curator_snapshot.sh.j2 -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/elasticsearch/templates/elasticsearch.yml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/elasticsearch/templates/elasticsearch.yml.j2 -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/kibana/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/kibana/handlers/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/kibana/tasks/kibanaconfig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/kibana/tasks/kibanaconfig.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/kibana/tasks/kibanainstall.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/kibana/tasks/kibanainstall.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/kibana/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/kibana/tasks/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/kibana/templates/kibanaconfig.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/kibana/templates/kibanaconfig.j2 -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/handlers/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/tasks/logstashconfig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/tasks/logstashconfig.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/tasks/logstashinstall.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/tasks/logstashinstall.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/tasks/main.yml -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/templates/02-beats-input.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/templates/02-beats-input.conf -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/templates/10-sshlog-filter.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/templates/10-sshlog-filter.conf -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/templates/11-weblog-filter.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/templates/11-weblog-filter.conf -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/templates/30-elasticsearch-output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/templates/30-elasticsearch-output.conf -------------------------------------------------------------------------------- /elk-ansible-playbook/roles/logstash/templates/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/elk-ansible-playbook/roles/logstash/templates/filebeat.yml -------------------------------------------------------------------------------- /logstash-configs/ddos.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/ddos.conf -------------------------------------------------------------------------------- /logstash-configs/filebeat-web-ssh-logstash-config/02-beats-input.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/filebeat-web-ssh-logstash-config/02-beats-input.conf -------------------------------------------------------------------------------- /logstash-configs/filebeat-web-ssh-logstash-config/10-sshlog-filter.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/filebeat-web-ssh-logstash-config/10-sshlog-filter.conf -------------------------------------------------------------------------------- /logstash-configs/filebeat-web-ssh-logstash-config/11-weblog-filter.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/filebeat-web-ssh-logstash-config/11-weblog-filter.conf -------------------------------------------------------------------------------- /logstash-configs/filebeat-web-ssh-logstash-config/30-elasticsearch-output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/filebeat-web-ssh-logstash-config/30-elasticsearch-output.conf -------------------------------------------------------------------------------- /logstash-configs/network.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/network.conf -------------------------------------------------------------------------------- /logstash-configs/pwd-dump.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/pwd-dump.conf -------------------------------------------------------------------------------- /logstash-configs/ssh-log.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/ssh-log.conf -------------------------------------------------------------------------------- /logstash-configs/web-log.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/logstash-configs/web-log.conf -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/readme.md -------------------------------------------------------------------------------- /vm-content/configs/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/configs/filebeat.yml -------------------------------------------------------------------------------- /vm-content/configs/network.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/configs/network.conf -------------------------------------------------------------------------------- /vm-content/configs/ssh-log.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/configs/ssh-log.conf -------------------------------------------------------------------------------- /vm-content/configs/web-log.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/configs/web-log.conf -------------------------------------------------------------------------------- /vm-content/dashboards/all-kibana.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/dashboards/all-kibana.json -------------------------------------------------------------------------------- /vm-content/dashboards/kibana-network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/dashboards/kibana-network.json -------------------------------------------------------------------------------- /vm-content/exercise/custom: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/exercise/custom -------------------------------------------------------------------------------- /vm-content/exercise/elasticsearch-template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/exercise/elasticsearch-template.json -------------------------------------------------------------------------------- /vm-content/exercise/kibana-network.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/exercise/kibana-network.json -------------------------------------------------------------------------------- /vm-content/exercise/network.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/exercise/network.conf -------------------------------------------------------------------------------- /vm-content/log-samples/access.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/log-samples/access.log -------------------------------------------------------------------------------- /vm-content/log-samples/ddos.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/log-samples/ddos.log -------------------------------------------------------------------------------- /vm-content/log-samples/filebeat.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/log-samples/filebeat.tar.gz -------------------------------------------------------------------------------- /vm-content/log-samples/network.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appsecco/defcon24-infra-monitoring-workshop/HEAD/vm-content/log-samples/network.log --------------------------------------------------------------------------------