├── LICENSE
├── README.md
├── elastalert
    └── new_observables.yaml
├── install_lab
├── pillar
    ├── elasticsearch
    │   └── search.sls
    └── logstash
    │   └── search.sls
├── resources
    ├── Mal_CMD_Obfuscated_Bat.yar
    ├── links.txt
    └── obfuscated_bat.py
├── salt
    ├── common
    │   └── tools
    │   │   └── sbin
    │   │       ├── so-allow
    │   │       ├── so-n8n-restart
    │   │       ├── so-n8n-start
    │   │       ├── so-n8n-stop
    │   │       ├── so-velociraptor-restart
    │   │       ├── so-velociraptor-start
    │   │       └── so-velociraptor-stop
    ├── elasticsearch
    │   ├── files
    │   │   └── ingest
    │   │   │   ├── velociraptor.es_direct
    │   │   │   └── velociraptor.fb_input
    │   └── templates
    │   │   └── custom
    │   │       └── so-velociraptor-template.json
    ├── filebeat
    │   ├── etc
    │   │   └── filebeat.yml
    │   └── init.sls
    ├── firewall
    │   ├── assigned_hostgroups.local.map.yaml
    │   └── portgroups.local.yaml
    ├── logstash
    │   └── pipelines
    │   │   └── config
    │   │       └── custom
    │   │           └── 9501_output_velociraptor.conf.jinja
    ├── n8n
    │   ├── files
    │   │   └── database.sqlite
    │   └── init.sls
    ├── nginx
    │   └── etc
    │   │   └── nginx.conf
    ├── soc
    │   └── files
    │   │   └── soc
    │   │       └── hunt.actions.json
    ├── top.sls
    └── velociraptor
    │   └── init.sls
└── velociraptor
    ├── artifacts
        ├── Custom.Elastic.Flows.Upload
        ├── Custom.Flows.Write
        └── Custom.Server.Automation.Quarantine
    └── server_monitoring.json.db


/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/LICENSE


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/README.md


--------------------------------------------------------------------------------
/elastalert/new_observables.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/elastalert/new_observables.yaml


--------------------------------------------------------------------------------
/install_lab:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/install_lab


--------------------------------------------------------------------------------
/pillar/elasticsearch/search.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/pillar/elasticsearch/search.sls


--------------------------------------------------------------------------------
/pillar/logstash/search.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/pillar/logstash/search.sls


--------------------------------------------------------------------------------
/resources/Mal_CMD_Obfuscated_Bat.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/resources/Mal_CMD_Obfuscated_Bat.yar


--------------------------------------------------------------------------------
/resources/links.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/resources/links.txt


--------------------------------------------------------------------------------
/resources/obfuscated_bat.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/resources/obfuscated_bat.py


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-allow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-allow


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-n8n-restart:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-n8n-restart


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-n8n-start:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-n8n-start


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-n8n-stop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-n8n-stop


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-velociraptor-restart:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-velociraptor-restart


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-velociraptor-start:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-velociraptor-start


--------------------------------------------------------------------------------
/salt/common/tools/sbin/so-velociraptor-stop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/common/tools/sbin/so-velociraptor-stop


--------------------------------------------------------------------------------
/salt/elasticsearch/files/ingest/velociraptor.es_direct:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/elasticsearch/files/ingest/velociraptor.es_direct


--------------------------------------------------------------------------------
/salt/elasticsearch/files/ingest/velociraptor.fb_input:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/elasticsearch/files/ingest/velociraptor.fb_input


--------------------------------------------------------------------------------
/salt/elasticsearch/templates/custom/so-velociraptor-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/elasticsearch/templates/custom/so-velociraptor-template.json


--------------------------------------------------------------------------------
/salt/filebeat/etc/filebeat.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/filebeat/etc/filebeat.yml


--------------------------------------------------------------------------------
/salt/filebeat/init.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/filebeat/init.sls


--------------------------------------------------------------------------------
/salt/firewall/assigned_hostgroups.local.map.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/firewall/assigned_hostgroups.local.map.yaml


--------------------------------------------------------------------------------
/salt/firewall/portgroups.local.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/firewall/portgroups.local.yaml


--------------------------------------------------------------------------------
/salt/logstash/pipelines/config/custom/9501_output_velociraptor.conf.jinja:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/logstash/pipelines/config/custom/9501_output_velociraptor.conf.jinja


--------------------------------------------------------------------------------
/salt/n8n/files/database.sqlite:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/n8n/files/database.sqlite


--------------------------------------------------------------------------------
/salt/n8n/init.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/n8n/init.sls


--------------------------------------------------------------------------------
/salt/nginx/etc/nginx.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/nginx/etc/nginx.conf


--------------------------------------------------------------------------------
/salt/soc/files/soc/hunt.actions.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/soc/files/soc/hunt.actions.json


--------------------------------------------------------------------------------
/salt/top.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/top.sls


--------------------------------------------------------------------------------
/salt/velociraptor/init.sls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/salt/velociraptor/init.sls


--------------------------------------------------------------------------------
/velociraptor/artifacts/Custom.Elastic.Flows.Upload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/velociraptor/artifacts/Custom.Elastic.Flows.Upload


--------------------------------------------------------------------------------
/velociraptor/artifacts/Custom.Flows.Write:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/velociraptor/artifacts/Custom.Flows.Write


--------------------------------------------------------------------------------
/velociraptor/artifacts/Custom.Server.Automation.Quarantine:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/velociraptor/artifacts/Custom.Server.Automation.Quarantine


--------------------------------------------------------------------------------
/velociraptor/server_monitoring.json.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weslambert/DinoSOARLab/HEAD/velociraptor/server_monitoring.json.db


--------------------------------------------------------------------------------