├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── README.md ├── Vagrantfile ├── Vagrantfile.verbose └── siem ├── certs ├── myca │ └── .gitkeep └── siem │ └── .gitkeep ├── conf ├── auditbeat │ ├── auditbeat-win.yml │ └── auditbeat.yml ├── elasticsearch │ ├── elasticsearch.yml │ └── jvm.options ├── filebeat │ ├── filebeat-win.yml │ └── filebeat.yml ├── kibana │ └── kibana.yml ├── logstash │ └── conf.d │ │ ├── filter-syslog.conf │ │ ├── input-beats.conf │ │ └── output-elasticsearch.conf ├── make-ca │ ├── default.conf │ └── myca.conf ├── packetbeat │ ├── packetbeat-win.yml │ └── packetbeat.yml ├── siem │ └── config.sh └── winlogbeat │ ├── winlogbeat-7.9.0.template.json │ └── winlogbeat.yml ├── helpers ├── create-lab-cert.sh ├── get-resources.sh ├── logo.sh ├── make-ca.sh ├── make-clean.sh ├── set-certs.sh └── update-powershell-conf.sh ├── installers ├── debian-install-auditbeat.sh ├── debian-install-filebeat.sh ├── debian-install-packetbeat.sh ├── windows-install-auditbeat.ps1 ├── windows-install-filebeat.ps1 ├── windows-install-packetbeat.ps1 └── windows-install-winlogbeat.ps1 ├── resources └── .gitkeep └── scripts ├── debian-check-siem-certs.sh ├── debian-check-siem-resources.sh ├── debian-install-java11.sh ├── debian-install-root-cert.sh ├── debian-install-siem-one-line.sh ├── debian-install-siem.sh ├── debian-upgrade.sh └── global-update-powershell-config.sh /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/.gitignore -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/README.md -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/Vagrantfile -------------------------------------------------------------------------------- /Vagrantfile.verbose: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/Vagrantfile.verbose -------------------------------------------------------------------------------- /siem/certs/myca/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /siem/certs/siem/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /siem/conf/auditbeat/auditbeat-win.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/auditbeat/auditbeat-win.yml -------------------------------------------------------------------------------- /siem/conf/auditbeat/auditbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/auditbeat/auditbeat.yml -------------------------------------------------------------------------------- /siem/conf/elasticsearch/elasticsearch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/elasticsearch/elasticsearch.yml -------------------------------------------------------------------------------- /siem/conf/elasticsearch/jvm.options: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/elasticsearch/jvm.options -------------------------------------------------------------------------------- /siem/conf/filebeat/filebeat-win.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/filebeat/filebeat-win.yml -------------------------------------------------------------------------------- /siem/conf/filebeat/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/filebeat/filebeat.yml -------------------------------------------------------------------------------- /siem/conf/kibana/kibana.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/kibana/kibana.yml -------------------------------------------------------------------------------- /siem/conf/logstash/conf.d/filter-syslog.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/logstash/conf.d/filter-syslog.conf -------------------------------------------------------------------------------- /siem/conf/logstash/conf.d/input-beats.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | input { beats { port => 5044 } } -------------------------------------------------------------------------------- /siem/conf/logstash/conf.d/output-elasticsearch.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/logstash/conf.d/output-elasticsearch.conf -------------------------------------------------------------------------------- /siem/conf/make-ca/default.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/make-ca/default.conf -------------------------------------------------------------------------------- /siem/conf/make-ca/myca.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/make-ca/myca.conf -------------------------------------------------------------------------------- /siem/conf/packetbeat/packetbeat-win.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/packetbeat/packetbeat-win.yml -------------------------------------------------------------------------------- /siem/conf/packetbeat/packetbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/packetbeat/packetbeat.yml -------------------------------------------------------------------------------- /siem/conf/siem/config.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/siem/config.sh -------------------------------------------------------------------------------- /siem/conf/winlogbeat/winlogbeat-7.9.0.template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/winlogbeat/winlogbeat-7.9.0.template.json -------------------------------------------------------------------------------- /siem/conf/winlogbeat/winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/conf/winlogbeat/winlogbeat.yml -------------------------------------------------------------------------------- /siem/helpers/create-lab-cert.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/create-lab-cert.sh -------------------------------------------------------------------------------- /siem/helpers/get-resources.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/get-resources.sh -------------------------------------------------------------------------------- /siem/helpers/logo.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/logo.sh -------------------------------------------------------------------------------- /siem/helpers/make-ca.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/make-ca.sh -------------------------------------------------------------------------------- /siem/helpers/make-clean.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/make-clean.sh -------------------------------------------------------------------------------- /siem/helpers/set-certs.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/set-certs.sh -------------------------------------------------------------------------------- /siem/helpers/update-powershell-conf.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/helpers/update-powershell-conf.sh -------------------------------------------------------------------------------- /siem/installers/debian-install-auditbeat.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/debian-install-auditbeat.sh -------------------------------------------------------------------------------- /siem/installers/debian-install-filebeat.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/debian-install-filebeat.sh -------------------------------------------------------------------------------- /siem/installers/debian-install-packetbeat.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/debian-install-packetbeat.sh -------------------------------------------------------------------------------- /siem/installers/windows-install-auditbeat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/windows-install-auditbeat.ps1 -------------------------------------------------------------------------------- /siem/installers/windows-install-filebeat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/windows-install-filebeat.ps1 -------------------------------------------------------------------------------- /siem/installers/windows-install-packetbeat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/windows-install-packetbeat.ps1 -------------------------------------------------------------------------------- /siem/installers/windows-install-winlogbeat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/installers/windows-install-winlogbeat.ps1 -------------------------------------------------------------------------------- /siem/resources/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /siem/scripts/debian-check-siem-certs.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-check-siem-certs.sh -------------------------------------------------------------------------------- /siem/scripts/debian-check-siem-resources.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-check-siem-resources.sh -------------------------------------------------------------------------------- /siem/scripts/debian-install-java11.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-install-java11.sh -------------------------------------------------------------------------------- /siem/scripts/debian-install-root-cert.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-install-root-cert.sh -------------------------------------------------------------------------------- /siem/scripts/debian-install-siem-one-line.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-install-siem-one-line.sh -------------------------------------------------------------------------------- /siem/scripts/debian-install-siem.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-install-siem.sh -------------------------------------------------------------------------------- /siem/scripts/debian-upgrade.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/debian-upgrade.sh -------------------------------------------------------------------------------- /siem/scripts/global-update-powershell-config.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dirtyfilthy/siem-from-scratch/HEAD/siem/scripts/global-update-powershell-config.sh --------------------------------------------------------------------------------