# RedELK

Repository: https://github.com/outflanknl/RedELK (owner: outflanknl; primary language: Python; license: BSD-3-Clause; topics: elastic, elasticsearch, kibana, logstash, monitoring, red-teaming, security, siem)

![Build docker base image (dev)](https://github.com/outflanknl/RedELK/workflows/Build%20docker%20base%20image%20(dev)/badge.svg?branch=maindev)
![Build docker elasticsearch image (dev)](https://github.com/outflanknl/RedELK/workflows/Build%20docker%20elasticsearch%20image%20(dev)/badge.svg?branch=maindev)
![Build docker jupyter image (dev)](https://github.com/outflanknl/RedELK/workflows/Build%20docker%20jupyter%20image%20(dev)/badge.svg?branch=maindev)
![Build docker kibana image (dev)](https://github.com/outflanknl/RedELK/workflows/Build%20docker%20kibana%20image%20(dev)/badge.svg?branch=maindev)
![Build docker logstash image (dev)](https://github.com/outflanknl/RedELK/workflows/Build%20docker%20logstash%20image%20(dev)/badge.svg?branch=maindev)

Red Team's SIEM - a tool for Red Teams for tracking and alarming about Blue Team activities, as well as enhanced usability in long-term operations.

1. **Enhanced usability and overview** for the red team operators by creating a central location where all relevant _operational_ logs from multiple teamservers are collected and enriched. This is great for historic searching within the operation as well as giving a read-only view on the operation (e.g. for the White Team). Especially useful for multi-scenario, multi-teamserver, multi-member and multi-month operations. Also, super easy ways for viewing all screenshots, IOCs, keystroke output, etc. \o/
2. **Spot the Blue Team** by having a central location where all _traffic_ logs from redirectors are collected and enriched. Using specific queries, it is now possible to detect that the Blue Team is investigating your infrastructure.

# Background info #
Check the [wiki](https://github.com/outflanknl/RedELK/wiki) for info on usage, or one of the blog posts or presentations listed below:
- Blog part 1: [Why we need RedELK](https://outflank.nl/blog/2019/02/14/introducing-redelk-part-1-why-we-need-it/)
- Blog part 2: [Getting you up and running](https://outflank.nl/blog/2020/02/28/redelk-part-2-getting-you-up-and-running/)
- Blog part 3: [Achieving operational oversight](https://outflank.nl/blog/2020/04/07/redelk-part-3-achieving-operational-oversight/)
- SANS Hackfest 2020: Super charge your Red Team with RedELK [video](https://www.youtube.com/watch?v=24pVnDSSOLY) and [slides](https://github.com/outflanknl/Presentations/blob/master/SANSHackFest2020_Smeets_SuperchargeYourRedTeamwithRedELK.pdf)
- Hack in Paris 2019: Who watches the Watchmen [video](https://www.youtube.com/watch?v=ZezBCAUax6c) and [slides](https://github.com/outflanknl/Presentations/blob/master/HackInParis2019_WhoWatchesTheWatchmen_Bergman-Smeetsfinal.pdf)
- x33fcon 2019: Catching Blue Team OPSEC failures [video](https://www.youtube.com/watch?v=-CNMgh0yJag) and [slides](https://github.com/outflanknl/Presentations/blob/master/x33fcon2019_OutOfTheBlue-CatchingBlueTeamOPSECFailures_publicversion.pdf)
- BruCon 2018: Using Blue Team techniques in Red Team ops [video](https://www.youtube.com/watch?v=OjtftdPts4g) and [slides](https://github.com/outflanknl/Presentations/blob/master/MirrorOnTheWall_BruCon2018_UsingBlueTeamTechniquesinRedTeamOps_Bergman-Smeets_FINAL.pdf)

# Installation #
Check the [wiki](https://github.com/outflanknl/RedELK/wiki) for the manual installation guide. There are also Ansible playbooks maintained by others:
- [RedELK Server playbook](https://github.com/fastlorenzo/redelk-server) - maintained by one of RedELK's developers
- [RedELK Client playbook](https://github.com/fastlorenzo/redelk-client) - maintained by one of RedELK's developers
- [ansible-redelk](https://github.com/curi0usJack/ansible-redelk) - maintained by curi0usJack/TrustedSec

# Conceptual overview #

Here's a conceptual overview of how RedELK works.

![](./images/redelk_overview.jpg)

# Authors and contribution #
This project is developed and maintained by:
- Marc Smeets (@MarcOverIP on [Github](https://github.com/MarcOverIP) and [Twitter](https://twitter.com/MarcOverIP))
- Mark Bergman (@xychix on [Github](https://github.com/xychix) and [Twitter](https://twitter.com/xychix))
- Lorenzo Bernardi (@fastlorenzo on [Github](https://github.com/fastlorenzo) and [Twitter](https://twitter.com/fastlorenzo))

We welcome contributions! Contributions can be both in code, as well as in ideas you might have for further development, alarms, usability improvements, etc.