├── .gitignore ├── config ├── elasticsearch.yml └── kibana.yml ├── docker-compose.yml ├── env.sample ├── parser ├── common │ └── common.go ├── dockerfile ├── dto │ └── dto.go ├── elk │ ├── dashboard │ │ └── dashboard.ndjson │ ├── dataview │ │ └── record.json │ ├── elk-dataview-get.sh │ ├── elk-dataview-import.sh │ ├── elk-dataview-list.sh │ ├── elk-load-data.sh │ ├── elk-pipeline-import.sh │ ├── elk-record-import.sh │ ├── elk-restart.sh │ ├── elk-saved-objects-get.sh │ ├── elk-saved-objects-import.sh │ ├── elk-saved-objects-list.sh │ ├── elk-start.sh │ ├── elk-teardown.sh │ ├── mapping │ │ └── record.json │ └── pipeline │ │ └── geoip.json ├── env.sample ├── go.mod ├── go.sum ├── lint.sh ├── load-data.sh ├── logs │ ├── ingest │ │ └── .keep │ ├── zipped-sample │ │ ├── enterprise.protection.outlook.com!helloworld.com!1703808000!1703894400.xml.gz │ │ └── google.com!helloworld.com!1704240000!1704326399.zip │ └── zipped │ │ └── .keep ├── main.go ├── output │ └── .keep └── start.sh ├── readme.md └── screenshot.png /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/.gitignore -------------------------------------------------------------------------------- /config/elasticsearch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/config/elasticsearch.yml -------------------------------------------------------------------------------- /config/kibana.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/config/kibana.yml -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /env.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/env.sample -------------------------------------------------------------------------------- /parser/common/common.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/common/common.go -------------------------------------------------------------------------------- /parser/dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/dockerfile -------------------------------------------------------------------------------- /parser/dto/dto.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/dto/dto.go -------------------------------------------------------------------------------- /parser/elk/dashboard/dashboard.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/dashboard/dashboard.ndjson -------------------------------------------------------------------------------- /parser/elk/dataview/record.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/dataview/record.json -------------------------------------------------------------------------------- /parser/elk/elk-dataview-get.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-dataview-get.sh -------------------------------------------------------------------------------- /parser/elk/elk-dataview-import.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-dataview-import.sh -------------------------------------------------------------------------------- /parser/elk/elk-dataview-list.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-dataview-list.sh -------------------------------------------------------------------------------- /parser/elk/elk-load-data.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-load-data.sh -------------------------------------------------------------------------------- /parser/elk/elk-pipeline-import.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-pipeline-import.sh -------------------------------------------------------------------------------- /parser/elk/elk-record-import.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-record-import.sh -------------------------------------------------------------------------------- /parser/elk/elk-restart.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-restart.sh -------------------------------------------------------------------------------- /parser/elk/elk-saved-objects-get.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-saved-objects-get.sh -------------------------------------------------------------------------------- /parser/elk/elk-saved-objects-import.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-saved-objects-import.sh -------------------------------------------------------------------------------- /parser/elk/elk-saved-objects-list.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-saved-objects-list.sh -------------------------------------------------------------------------------- /parser/elk/elk-start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-start.sh -------------------------------------------------------------------------------- /parser/elk/elk-teardown.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/elk-teardown.sh -------------------------------------------------------------------------------- /parser/elk/mapping/record.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/mapping/record.json -------------------------------------------------------------------------------- /parser/elk/pipeline/geoip.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/elk/pipeline/geoip.json -------------------------------------------------------------------------------- /parser/env.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/env.sample -------------------------------------------------------------------------------- /parser/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/go.mod -------------------------------------------------------------------------------- /parser/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/go.sum -------------------------------------------------------------------------------- /parser/lint.sh: -------------------------------------------------------------------------------- 1 | gofmt -s -w . 2 | -------------------------------------------------------------------------------- /parser/load-data.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/load-data.sh -------------------------------------------------------------------------------- /parser/logs/ingest/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /parser/logs/zipped-sample/enterprise.protection.outlook.com!helloworld.com!1703808000!1703894400.xml.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/logs/zipped-sample/enterprise.protection.outlook.com!helloworld.com!1703808000!1703894400.xml.gz -------------------------------------------------------------------------------- /parser/logs/zipped-sample/google.com!helloworld.com!1704240000!1704326399.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/logs/zipped-sample/google.com!helloworld.com!1704240000!1704326399.zip -------------------------------------------------------------------------------- /parser/logs/zipped/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /parser/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/main.go -------------------------------------------------------------------------------- /parser/output/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /parser/start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/parser/start.sh -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/readme.md -------------------------------------------------------------------------------- /screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evermight/elk-dmarc/HEAD/screenshot.png --------------------------------------------------------------------------------