Under the hood
Marc Smeets edited this page Jan 15, 2019
A lot is going on under the hood.
RedELK uses the typical ELK stack components: Filebeat (shipping), Logstash (filtering), Elasticsearch (storage) and Kibana (viewing). Rsync is used for a second sync of teamserver data (logs, keystrokes, screenshots, etc.). Nginx handles authentication to Kibana and also serves the screenshots, beacon logs and keystrokes in an easy way in the operator's browser.
A set of Python scripts is used for heavy enrichment of the log data and for blue team detection.
More details are described in: