├── .gitignore ├── LICENSE ├── README.md ├── alerts ├── example.yml ├── example2.yml └── example3.yml ├── containers ├── elastalert │ ├── Dockerfile │ ├── config.yml │ ├── requirements.txt │ └── run.sh ├── elasticsearch │ ├── Dockerfile │ └── config │ │ └── elasticsearch.yml ├── input-modules │ ├── auditd │ │ ├── Dockerfile │ │ └── filebeat.yml │ ├── cleanup │ │ ├── Dockerfile │ │ ├── requirements.txt │ │ └── script.py │ ├── evtx │ │ ├── Dockerfile │ │ ├── evtxtoelk.py │ │ ├── requirements.txt │ │ └── script.py │ ├── nessus │ │ ├── Dockerfile │ │ └── filebeat.yml │ ├── netflow │ │ ├── Dockerfile │ │ ├── requirements.txt │ │ └── script.py │ └── syslog │ │ ├── Dockerfile │ │ └── filebeat.yml ├── jupyter │ ├── Dockerfile │ └── conf │ │ ├── jupyter_notebook_config.py │ │ └── requirements.txt ├── kibana │ ├── Dockerfile │ └── config │ │ ├── kibana.yml │ │ └── plugins │ │ ├── srirachaiq_alerts-1.0.0.zip │ │ └── srirachaiq_jupyter-1.0.0.zip ├── logstash │ ├── Dockerfile │ ├── config │ │ ├── logstash.yml │ │ └── pipelines.yml │ └── pipeline │ │ ├── nessus.conf │ │ └── netflow.conf └── setup │ ├── Dockerfile │ ├── extras │ └── kibana-config.ndjson │ └── scripts │ └── setup-kibana.sh ├── data-inputs ├── README.md ├── auditd │ └── .keep ├── auth │ └── .keep ├── evtx │ └── .keep ├── nessus │ └── .keep ├── netflow │ └── .keep └── syslog │ └── .keep ├── docker-compose.yml ├── environment_variables ├── misc ├── SrirachaIQ_Architecture.drawio ├── SrirachaIQ_Architecture.png ├── SrirachaIQ_Kibana_Alerts.png ├── SrirachaIQ_Kibana_Jupyter.png ├── SrirachaIQ_Kibana_Nessus_Dashboard.png ├── SrirachaIQ_Kibana_Windows_Dashboard.png └── linux_logs_add_year.py └── notebooks └── Elasticsearch Query Example.ipynb /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/README.md -------------------------------------------------------------------------------- /alerts/example.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/alerts/example.yml -------------------------------------------------------------------------------- /alerts/example2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/alerts/example2.yml -------------------------------------------------------------------------------- /alerts/example3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/alerts/example3.yml -------------------------------------------------------------------------------- /containers/elastalert/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/elastalert/Dockerfile -------------------------------------------------------------------------------- /containers/elastalert/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/elastalert/config.yml -------------------------------------------------------------------------------- /containers/elastalert/requirements.txt: -------------------------------------------------------------------------------- 1 | elastalert==0.2.1 -------------------------------------------------------------------------------- /containers/elastalert/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/elastalert/run.sh -------------------------------------------------------------------------------- /containers/elasticsearch/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/elasticsearch/Dockerfile -------------------------------------------------------------------------------- /containers/elasticsearch/config/elasticsearch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/elasticsearch/config/elasticsearch.yml -------------------------------------------------------------------------------- /containers/input-modules/auditd/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/auditd/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/auditd/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/auditd/filebeat.yml -------------------------------------------------------------------------------- /containers/input-modules/cleanup/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/cleanup/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/cleanup/requirements.txt: -------------------------------------------------------------------------------- 1 | watchdog==0.8.2 2 | python-dateutil==2.8.0 -------------------------------------------------------------------------------- /containers/input-modules/cleanup/script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/cleanup/script.py -------------------------------------------------------------------------------- /containers/input-modules/evtx/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/evtx/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/evtx/evtxtoelk.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/evtx/evtxtoelk.py -------------------------------------------------------------------------------- /containers/input-modules/evtx/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/evtx/requirements.txt -------------------------------------------------------------------------------- /containers/input-modules/evtx/script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/evtx/script.py -------------------------------------------------------------------------------- /containers/input-modules/nessus/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/nessus/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/nessus/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/nessus/filebeat.yml -------------------------------------------------------------------------------- /containers/input-modules/netflow/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/netflow/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/netflow/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/netflow/requirements.txt -------------------------------------------------------------------------------- /containers/input-modules/netflow/script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/netflow/script.py -------------------------------------------------------------------------------- /containers/input-modules/syslog/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/syslog/Dockerfile -------------------------------------------------------------------------------- /containers/input-modules/syslog/filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/input-modules/syslog/filebeat.yml -------------------------------------------------------------------------------- /containers/jupyter/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/jupyter/Dockerfile -------------------------------------------------------------------------------- /containers/jupyter/conf/jupyter_notebook_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/jupyter/conf/jupyter_notebook_config.py -------------------------------------------------------------------------------- /containers/jupyter/conf/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/jupyter/conf/requirements.txt -------------------------------------------------------------------------------- /containers/kibana/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/kibana/Dockerfile -------------------------------------------------------------------------------- /containers/kibana/config/kibana.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/kibana/config/kibana.yml -------------------------------------------------------------------------------- /containers/kibana/config/plugins/srirachaiq_alerts-1.0.0.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/kibana/config/plugins/srirachaiq_alerts-1.0.0.zip -------------------------------------------------------------------------------- /containers/kibana/config/plugins/srirachaiq_jupyter-1.0.0.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/kibana/config/plugins/srirachaiq_jupyter-1.0.0.zip -------------------------------------------------------------------------------- /containers/logstash/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/logstash/Dockerfile -------------------------------------------------------------------------------- /containers/logstash/config/logstash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/logstash/config/logstash.yml -------------------------------------------------------------------------------- /containers/logstash/config/pipelines.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/logstash/config/pipelines.yml -------------------------------------------------------------------------------- /containers/logstash/pipeline/nessus.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/logstash/pipeline/nessus.conf -------------------------------------------------------------------------------- /containers/logstash/pipeline/netflow.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/logstash/pipeline/netflow.conf -------------------------------------------------------------------------------- /containers/setup/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/setup/Dockerfile -------------------------------------------------------------------------------- /containers/setup/extras/kibana-config.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/setup/extras/kibana-config.ndjson -------------------------------------------------------------------------------- /containers/setup/scripts/setup-kibana.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/containers/setup/scripts/setup-kibana.sh -------------------------------------------------------------------------------- /data-inputs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/data-inputs/README.md -------------------------------------------------------------------------------- /data-inputs/auditd/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data-inputs/auth/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data-inputs/evtx/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data-inputs/nessus/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data-inputs/netflow/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data-inputs/syslog/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /environment_variables: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/environment_variables -------------------------------------------------------------------------------- /misc/SrirachaIQ_Architecture.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Architecture.drawio -------------------------------------------------------------------------------- /misc/SrirachaIQ_Architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Architecture.png -------------------------------------------------------------------------------- /misc/SrirachaIQ_Kibana_Alerts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Kibana_Alerts.png -------------------------------------------------------------------------------- /misc/SrirachaIQ_Kibana_Jupyter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Kibana_Jupyter.png -------------------------------------------------------------------------------- /misc/SrirachaIQ_Kibana_Nessus_Dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Kibana_Nessus_Dashboard.png -------------------------------------------------------------------------------- /misc/SrirachaIQ_Kibana_Windows_Dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/SrirachaIQ_Kibana_Windows_Dashboard.png -------------------------------------------------------------------------------- /misc/linux_logs_add_year.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/misc/linux_logs_add_year.py -------------------------------------------------------------------------------- /notebooks/Elasticsearch Query Example.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tiburon-security/sriracha-iq/HEAD/notebooks/Elasticsearch Query Example.ipynb --------------------------------------------------------------------------------