{"id":13846133,"url":"https://github.com/h0rv4th/c2matrix-analyzer","last_synced_at":"2025-07-12T04:31:11.006Z","repository":{"id":94796085,"uuid":"256633174","full_name":"h0rv4th/c2matrix-analyzer","owner":"h0rv4th","description":"Basic c2-matrix analysis environment using Suricata + Wazuh + Elastic stack","archived":false,"fork":false,"pushed_at":"2020-04-18T00:43:34.000Z","size":290,"stargazers_count":12,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-29T16:58:32.375Z","etag":null,"topics":["adversarial-attacks","c2","command-and-control","nids"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/h0rv4th.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-17T23:47:29.000Z","updated_at":"2024-03-05T09:50:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"c62aaeb8-8447-483e-b42d-4be234ee0588","html_url":"https://github.com/h0rv4th/c2matrix-analyzer","commit_stats":null,"previous_names":["eortizbrossard/c2matrix-analyzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h0rv4th%2Fc2matrix-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h0rv4th%2Fc2matrix-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h0rv4th%2Fc2matrix-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h0rv4th%2Fc2matrix-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/h0rv4th","download_url":"https://codeload.github.com/h0rv4th/c2matrix-analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791556,"owners_count":17524806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attacks","c2","command-and-control","nids"],"created_at":"2024-08-04T17:04:23.128Z","updated_at":"2024-11-21T19:31:14.083Z","avatar_url":"https://github.com/h0rv4th.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# c2matrix-analyzer\n\nBasic c2-matrix analysis environment using Suricata + Wazuh + Elastic stack\n\n- The agent VM has Suricata configured to use the Emerging Threats Open rules.\n- Suricata alerts are collected by the Wazuh agent and sent to the Wazuh manager.\n- The Wazuh manager sends alerts to Elasticsearch; they can be viewed in Kibana in both the Discover section and the Wazuh plugin.\n\n![Analysis00](https://github.com/eortizbrossard/c2matrix-evaluation/blob/master/images/suricata00.png)\n\n![Analysis01](https://github.com/eortizbrossard/c2matrix-evaluation/blob/master/images/suricata01.png)\n\n![Analysis02](https://github.com/eortizbrossard/c2matrix-evaluation/blob/master/images/suricata02.png)\n\nRequirements:\n- VirtualBox\n- Vagrant\n\nEnvironment:\n1. master: Wazuh manager (all-in-one) + Elasticsearch + Kibana\nOS: CentOS 7\nKibana port 5601 is forwarded to localhost port 5601\n\n2. agent: Wazuh agent + Suricata + ET Open\nOS: CentOS 7\n\n3. c2server:\nOS: Kali / Debian / CentOS 7  # Choose one by editing the Vagrantfile\n\n# Instructions:\nFor deployment, do the following:\n\nExtract all files into a directory and launch the commands from that directory.\n\nTo deploy the entire environment:\n```\n$ vagrant up\n```\nDeploy a single VM:\n```\n$ vagrant up [VM_NAME]\n```\nDestroy the whole environment:\n```\n$ vagrant destroy\n```\nDestroy a single VM:\n```\n$ vagrant destroy [VM_NAME]\n```\nAccess Kibana:\n```\nhttp://localhost:5601\n```\nAccess a VM:\n```\n$ vagrant ssh [VM_NAME]\n```\nNetwork:\n- master_ip = \"192.168.76.2\"\n- agent_ip = \"192.168.76.20\"\n- c2server_ip = \"192.168.76.30\"\n\n# References:\n- Red Team Kali package. It contains instructions for installing various C2 programs (they may also apply to Debian).\nhttps://bugs.kali.org/view.php?id=6093\n\n- C2 Matrix:\nhttps://howto.thec2matrix.com/\nhttps://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0\n\n- Suricata\nhttps://suricata-ids.org/\n\n- Emerging Threats\nhttps://rules.emergingthreats.net/\n\n- Wazuh\nhttps://github.com/wazuh/wazuh\n\n- Elastic\nhttps://github.com/elastic\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh0rv4th%2Fc2matrix-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fh0rv4th%2Fc2matrix-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh0rv4th%2Fc2matrix-analyzer/lists"}