├── .DS_Store ├── Dockerfile ├── Readme.md ├── bro-extra ├── Dockerfile-devel ├── __load__.bro ├── app-stats-list.bro ├── app-stats.bro ├── bro-extra.bro ├── broker-connector.bro ├── broker-consumer.bro ├── broker-listener.bro ├── conn_pcap.bro ├── conn_pcap_template.bro ├── conn_state.bro ├── contents.bro ├── cookie-log.bro ├── custom.bro ├── extract_files.bro ├── extract_files_template.bro ├── geoip.bro ├── intel.bro ├── locationextract.bro ├── logs-to-elasticsearch.bro ├── mac-logging.bro ├── packets-broker.bro ├── tcprs.bro └── tordetect.bro ├── bro-patch └── ElasticSearch.cc.patch ├── docker-compose.yml ├── docker-compose ├── alpine-elasticsearch │ └── docker-compose.yml ├── bro-desktop │ ├── Readme.md │ └── docker-compose.yml ├── bro-proxy-dump │ ├── commands │ └── docker-compose.yml └── debian-elasticsearch │ └── docker-compose.yml ├── php └── index.php ├── role ├── amqp-amqp ├── broctl ├── cmd-bare ├── cmd-elasticsearch ├── cmd-forensic ├── dump-elasticsearch ├── sshd ├── stdin-amqp ├── stdin-elasticsearch ├── stdin-forensic ├── xinetd-amqp ├── xinetd-elasticsearch ├── xinetd-forensic ├── xinetd-forensic-crc └── xinetd-splunk ├── scripts ├── bro-amqp.sh ├── bro-forensic-crc.sh ├── bro-forensic.sh ├── bro-mapping.sh ├── bro-splunk.sh ├── clean-elastic.sh ├── commands ├── elastic-indices.sh ├── kibana-config.sh ├── kibana-dashbords.json ├── kibana-querys.json ├── kibana-visualisations.json ├── kibana.json ├── packets-consumer.py ├── remove-mapping.sh ├── start-elastic.sh ├── update-intel.sh └── update_tor_serverlist.py ├── supervisord.conf └── xinetd ├── bro ├── bro-amqp ├── bro-forensic ├── bro-forensic-crc └── bro-splunk /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/.DS_Store -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/Dockerfile -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/Readme.md -------------------------------------------------------------------------------- /bro-extra/Dockerfile-devel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/Dockerfile-devel -------------------------------------------------------------------------------- /bro-extra/__load__.bro: -------------------------------------------------------------------------------- 1 | @load ./bro-extra.bro 2 | -------------------------------------------------------------------------------- /bro-extra/app-stats-list.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/app-stats-list.bro -------------------------------------------------------------------------------- /bro-extra/app-stats.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/app-stats.bro -------------------------------------------------------------------------------- /bro-extra/bro-extra.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/bro-extra.bro -------------------------------------------------------------------------------- /bro-extra/broker-connector.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/broker-connector.bro -------------------------------------------------------------------------------- /bro-extra/broker-consumer.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/broker-consumer.bro -------------------------------------------------------------------------------- /bro-extra/broker-listener.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/broker-listener.bro -------------------------------------------------------------------------------- /bro-extra/conn_pcap.bro: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bro-extra/conn_pcap_template.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/conn_pcap_template.bro -------------------------------------------------------------------------------- /bro-extra/conn_state.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/conn_state.bro -------------------------------------------------------------------------------- /bro-extra/contents.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/contents.bro -------------------------------------------------------------------------------- /bro-extra/cookie-log.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/cookie-log.bro -------------------------------------------------------------------------------- /bro-extra/custom.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/custom.bro -------------------------------------------------------------------------------- /bro-extra/extract_files.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/extract_files.bro -------------------------------------------------------------------------------- /bro-extra/extract_files_template.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/extract_files_template.bro -------------------------------------------------------------------------------- /bro-extra/geoip.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/geoip.bro -------------------------------------------------------------------------------- /bro-extra/intel.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/intel.bro -------------------------------------------------------------------------------- /bro-extra/locationextract.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/locationextract.bro -------------------------------------------------------------------------------- /bro-extra/logs-to-elasticsearch.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/logs-to-elasticsearch.bro -------------------------------------------------------------------------------- /bro-extra/mac-logging.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/mac-logging.bro -------------------------------------------------------------------------------- /bro-extra/packets-broker.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/packets-broker.bro -------------------------------------------------------------------------------- /bro-extra/tcprs.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/tcprs.bro -------------------------------------------------------------------------------- /bro-extra/tordetect.bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-extra/tordetect.bro -------------------------------------------------------------------------------- /bro-patch/ElasticSearch.cc.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/bro-patch/ElasticSearch.cc.patch -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /docker-compose/alpine-elasticsearch/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose/alpine-elasticsearch/docker-compose.yml -------------------------------------------------------------------------------- /docker-compose/bro-desktop/Readme.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docker-compose/bro-desktop/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose/bro-desktop/docker-compose.yml -------------------------------------------------------------------------------- /docker-compose/bro-proxy-dump/commands: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose/bro-proxy-dump/commands -------------------------------------------------------------------------------- /docker-compose/bro-proxy-dump/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose/bro-proxy-dump/docker-compose.yml -------------------------------------------------------------------------------- /docker-compose/debian-elasticsearch/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/docker-compose/debian-elasticsearch/docker-compose.yml -------------------------------------------------------------------------------- /php/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/php/index.php -------------------------------------------------------------------------------- /role/amqp-amqp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/amqp-amqp -------------------------------------------------------------------------------- /role/broctl: -------------------------------------------------------------------------------- 1 | broctl 2 | -------------------------------------------------------------------------------- /role/cmd-bare: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/cmd-bare -------------------------------------------------------------------------------- /role/cmd-elasticsearch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/cmd-elasticsearch -------------------------------------------------------------------------------- /role/cmd-forensic: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/cmd-forensic -------------------------------------------------------------------------------- /role/dump-elasticsearch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/dump-elasticsearch -------------------------------------------------------------------------------- /role/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/sshd -------------------------------------------------------------------------------- /role/stdin-amqp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/stdin-amqp -------------------------------------------------------------------------------- /role/stdin-elasticsearch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/stdin-elasticsearch -------------------------------------------------------------------------------- /role/stdin-forensic: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/stdin-forensic -------------------------------------------------------------------------------- /role/xinetd-amqp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/xinetd-amqp -------------------------------------------------------------------------------- /role/xinetd-elasticsearch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/xinetd-elasticsearch -------------------------------------------------------------------------------- /role/xinetd-forensic: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/xinetd-forensic -------------------------------------------------------------------------------- /role/xinetd-forensic-crc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/xinetd-forensic-crc -------------------------------------------------------------------------------- /role/xinetd-splunk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/role/xinetd-splunk -------------------------------------------------------------------------------- /scripts/bro-amqp.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/bro-amqp.sh -------------------------------------------------------------------------------- /scripts/bro-forensic-crc.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/bro-forensic-crc.sh -------------------------------------------------------------------------------- /scripts/bro-forensic.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/bro-forensic.sh -------------------------------------------------------------------------------- /scripts/bro-mapping.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/bro-mapping.sh -------------------------------------------------------------------------------- /scripts/bro-splunk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Usage bro-splunk.sh HOST PORT 3 | bro -r - | curl -K http://$1:$2 4 | -------------------------------------------------------------------------------- /scripts/clean-elastic.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/clean-elastic.sh -------------------------------------------------------------------------------- /scripts/commands: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/commands -------------------------------------------------------------------------------- /scripts/elastic-indices.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl --silent 'elasticsearch:9200/_cat/indices?v' 3 | -------------------------------------------------------------------------------- /scripts/kibana-config.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/kibana-config.sh -------------------------------------------------------------------------------- /scripts/kibana-dashbords.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/kibana-dashbords.json -------------------------------------------------------------------------------- /scripts/kibana-querys.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/kibana-querys.json -------------------------------------------------------------------------------- /scripts/kibana-visualisations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/kibana-visualisations.json -------------------------------------------------------------------------------- /scripts/kibana.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/kibana.json -------------------------------------------------------------------------------- /scripts/packets-consumer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/packets-consumer.py -------------------------------------------------------------------------------- /scripts/remove-mapping.sh: -------------------------------------------------------------------------------- 1 | curl -XDELETE elasticsearch:9200/_template/fixstrings_bro 2 | -------------------------------------------------------------------------------- /scripts/start-elastic.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/start-elastic.sh -------------------------------------------------------------------------------- /scripts/update-intel.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/update-intel.sh -------------------------------------------------------------------------------- /scripts/update_tor_serverlist.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/scripts/update_tor_serverlist.py -------------------------------------------------------------------------------- /supervisord.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/supervisord.conf -------------------------------------------------------------------------------- /xinetd/bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/xinetd/bro -------------------------------------------------------------------------------- /xinetd/bro-amqp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/xinetd/bro-amqp -------------------------------------------------------------------------------- /xinetd/bro-forensic: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/xinetd/bro-forensic -------------------------------------------------------------------------------- /xinetd/bro-forensic-crc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/xinetd/bro-forensic-crc -------------------------------------------------------------------------------- /xinetd/bro-splunk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielguerra69/bro-debian-elasticsearch/HEAD/xinetd/bro-splunk --------------------------------------------------------------------------------