Skip to content
/ ElasticXDR Public
forked from alainw68/ELK-SIEM

This repo is a re-build for ElasticXDR platform. This guide will help you build this XDR platform so that you will be able to gather critical information from your Networking devices.

License

MIT license
0 stars 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

datboyblu3/ElasticXDR

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

138 Commits
Deployment-Guide
Deployment-Guide
 
 
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ElasticXDR Build Guide

GitHub license Maintenance contributions welcome

Anurag's github stats

Note:

  • This build was setup on a VMware ESXI 6.7.

Resource References:

What is XDR or “NextGen SIEM”

https://www.brite.com/xdr-vs-siem/

  • To summarize, XDR is truly a NextGen SIEM giving security teams a complete view into all the activity while leveraging machine learning to proactively stop attacks.

What is ElasticXDR

https://www.elastic.co/blog/introducing-limitless-xdr

Required Software

Ubuntu Server 20.04.3 LTS

  • Direct Download:

https://releases.ubuntu.com/focal/

  • Hash Value:
f8e3086f3cea0fb3fefb29937ab5ed9d19e767079633960ccb50e76153effc98 *ubuntu-20.04.3-live-server-amd64.iso
  • You can use linux or windows for the base hypervisor install.

  • VirtualBox for Windows or Linux Installs

  • Oracle VirtualBox 6.1.26

https://www.virtualbox.org/wiki/Downloads

  • Oracle VirtualBox Guest Extension Pack

https://download.virtualbox.org/virtualbox/6.1.26/Oracle_VM_VirtualBox_Extension_Pack-6.1.26.vbox-extpack

  • Hash Value:
eed44e66d898c17cae46a14dff1fc86ac5c321372a7fc46efcef454c1e454307 *VirtualBox-6.1.26-145957-Win.exe

  • VMware for Windows or Linux Installs

  • VMware Workstation 16.1.2 Player Free

https://my.vmware.com/web/vmware/downloads/details?downloadGroup=WKST-PLAYER-1612&productId=1039&rPId=66621

  • Hash Value:
Windows: ce5949c2ca89c6fc8349d63e6d1dd053325b5803b93870aa3b73a106d76c942f
Linux:   8da4df34bfa72398115ca5a02d9fbe491df6f8e82a3011cbd745e18e7242b45b

Note:

  • These two are optional below.
  • You will need physical hardware to install.

Physical Hardware Install Below!

  • VMware ESXI 6.7

https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=ESXI67U3B&productId=742&rPId=56014

  • Hash Value
ISO: 7665f662ab4f821c8a5c918d0e14e2919828f88611072716cc5581a15fa8c13a
  • VMware ESXI 7.0

https://my.vmware.com/web/vmware/evalcenter?p=free-esxi7

  • Hash Value
ISO: 35d80d52dfca79f52eadd1c641e2f990371e834e98b3ef95914b7f950b42f629

Installation Guide ElasticXDR

  • Install Elastic Stack Build:

https://github.com/watsoninfosec/ElasticXDR/blob/main/Deployment-Guide/Installation-Guide/Installation-Guide.md

  • Secure Elastic Stack Build:

https://github.com/watsoninfosec/ElasticXDR/blob/main/Deployment-Guide/Security-Module/Security-Module.md

  • Elastic Beats Modules Build:

https://github.com/watsoninfosec/ElasticXDR/tree/main/Deployment-Guide/Beats-Setup

  • Elastic Fleet Agent & Server Build:

https://github.com/watsoninfosec/ElasticXDR/tree/main/Deployment-Guide/FleetServer

License

This project is licensed under the MIT License - see the LICENSE file for details

MIT © WatsonInfoSec, LLC

About

This repo is a re-build for ElasticXDR platform. This guide will help you build this XDR platform so that you will be able to gather critical information from your Networking devices.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 69.9%
  • Shell 30.1%