corelight / ecs-logstash-mappings
Mapping Corelight or Zeek data to Elastic Common Schema logs
☆12 · Updated 3 weeks ago
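The repository's own mappings are Logstash configuration; the following is an added, stand-alone example (not code from the repository) showing what such a mapping does to one record: it takes a Zeek conn.log line in Zeek's JSON format and produces an ECS-shaped document. The ECS destination fields (source.*, destination.*, network.*, event.*) are standard ECS names; the zeek.session_id and zeek.connection.* names follow the Filebeat Zeek module convention and are an assumption here, as is the sample record, which is constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one Zeek conn.log record as Zeek's JSON log writer emits it.
# All values are invented for this example. Zeek omits unset fields entirely.
SAMPLE_CONN_LINE = json.dumps({
    "ts": 1700000000.123456,
    "uid": "CZ1x2yExampleUid",
    "id.orig_h": "10.0.0.5",
    "id.orig_p": 51234,
    "id.resp_h": "203.0.113.10",
    "id.resp_p": 443,
    "proto": "tcp",
    "service": "ssl",
    "duration": 1.5,
    "orig_bytes": 1200,
    "resp_bytes": 8400,
    "conn_state": "SF",
    "history": "ShADadFf",
    "orig_pkts": 12,
    "resp_pkts": 14,
    "community_id": "1:ExampleCommunityIdNotComputed=",
})

# Constructed sample of a half-seen flow: no duration, byte or packet counters.
PARTIAL_CONN_LINE = json.dumps({
    "ts": 1700000000.0,
    "uid": "CZ1x2yPartialUid",
    "id.orig_h": "10.0.0.1",
    "id.orig_p": 1,
    "id.resp_h": "10.0.0.2",
    "id.resp_p": 2,
    "proto": "udp",
})

# Direct renames: Zeek conn.log field -> ECS (or zeek.* custom) dotted path.
# The zeek.* names follow the Filebeat Zeek module convention (an assumption).
FIELD_MAP = {
    "id.orig_h": "source.ip",
    "id.orig_p": "source.port",
    "orig_bytes": "source.bytes",
    "orig_pkts": "source.packets",
    "id.resp_h": "destination.ip",
    "id.resp_p": "destination.port",
    "resp_bytes": "destination.bytes",
    "resp_pkts": "destination.packets",
    "proto": "network.transport",
    "service": "network.protocol",
    "community_id": "network.community_id",
    "uid": "zeek.session_id",
    "conn_state": "zeek.connection.state",
    "history": "zeek.connection.history",
}


def _set(doc, dotted_path, value):
    """Set a value in a nested dict using an ECS-style dotted path."""
    parts = dotted_path.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def _zeek_ts_to_iso(ts):
    """Zeek 'ts' is epoch seconds as a float; ECS @timestamp wants ISO 8601 UTC."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def zeek_conn_to_ecs(line):
    """Map one JSON-formatted Zeek conn.log line to an ECS-shaped document."""
    rec = json.loads(line)
    ecs = {}
    _set(ecs, "@timestamp", _zeek_ts_to_iso(rec["ts"]))
    _set(ecs, "event.kind", "event")
    _set(ecs, "event.category", ["network"])
    _set(ecs, "event.type", ["connection"])
    _set(ecs, "event.module", "zeek")
    _set(ecs, "event.dataset", "zeek.connection")
    # Zeek durations are seconds; ECS event.duration is nanoseconds.
    if "duration" in rec:
        _set(ecs, "event.duration", int(round(rec["duration"] * 1_000_000_000)))
    for zeek_field, ecs_field in FIELD_MAP.items():
        if zeek_field in rec:
            _set(ecs, ecs_field, rec[zeek_field])
    # Totals only when both directions are present, so a half-seen flow is not under-reported.
    if "orig_bytes" in rec and "resp_bytes" in rec:
        _set(ecs, "network.bytes", rec["orig_bytes"] + rec["resp_bytes"])
    if "orig_pkts" in rec and "resp_pkts" in rec:
        _set(ecs, "network.packets", rec["orig_pkts"] + rec["resp_pkts"])
    # Preserve the raw record for the analyst; ECS reserves event.original for this.
    _set(ecs, "event.original", line)
    return ecs


if __name__ == "__main__":
    print(json.dumps(zeek_conn_to_ecs(SAMPLE_CONN_LINE), indent=2))
```

The two points worth carrying over into any real pipeline: unit conversion (Zeek seconds to ECS nanoseconds, epoch float to ISO 8601) and tolerance for absent fields, since Zeek drops unset columns in JSON output and a mapping that assumes they exist will either crash or emit zeros that look like real measurements.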
Related projects
Alternatives and complementary repositories for ecs-logstash-mappings
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash ☆54 · Updated 2 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields ☆34 · Updated 2 weeks ago
- A Zeek log writer plugin that publishes to Kafka. ☆46 · Updated 6 months ago
- This repository contains a few examples of actions that can be added to rules within Elastic Security. ☆22 · Updated 2 years ago
- SIEM Logstash parsing for more than a hundred technologies ☆181 · Updated this week
- App examples for Splunk Enterprise ☆122 · Updated 3 months ago
- ElastAlert that exposes REST APIs for manipulating rules and alerts ☆44 · Updated last month
- Parse Wazuh (HIDS) alerts into ECS mapping using Filebeat ☆27 · Updated 4 years ago
- Zeek support for Community ID flow hashing. ☆34 · Updated last year
- Security Analytics enables users for detecting security threats on their security event log data. It will also allow them to modify/tailo… ☆72 · Updated 2 weeks ago
- Wazuh - Splunk App ☆50 · Updated 2 months ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S… ☆16 · Updated 3 years ago
- Splunk App for Data Science and Deep Learning - container images repository ☆50 · Updated last month
- Converts Netwitness log parser configuration to Logstash configuration ☆20 · Updated 4 years ago
- Splunk App for Linux Auditd ☆58 · Updated 3 years ago
- This repo contains examples of raw events and possible translations to the OCSF schema. ☆33 · Updated 2 weeks ago
- Docker files for building Zeek. ☆86 · Updated last year
- Plugin providing native AF_Packet support for Zeek. ☆33 · Updated 7 months ago
- An open standard for hashing network flows into identifiers, a.k.a. "Community IDs". ☆171 · Updated last month
- Command line tool used for generating an events corpus dynamically given a specific integration ☆22 · Updated last week
- Phantom Apps Repo ☆82 · Updated 3 years ago
- This package allows the use of a custom ElastAlert alert which creates alerts with observables in TheHive using TheHive4Py. ☆27 · Updated 3 years ago
- Alert Wizard plugin for Graylog to manage the alert rules ☆47 · Updated this week
- A search command to explore Elasticsearch data within Splunk. ☆40 · Updated 6 years ago
- Splunk Connect for Syslog ☆154 · Updated this week
- Suricata Verification Tests - Testing Suricata Output ☆102 · Updated last week
- Open source endpoint agent providing host information to Zeek. [v2] ☆66 · Updated last month
- Cisco eStreamer client ☆25 · Updated 2 years ago