HELK – The Hunting ELK Framework

The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.

HELK - The Hunting ELK (design)

The goal of the project is to:

  • Provide an open source hunting platform to the community and share the basics of Threat Hunting.
  • Expedite the time it takes to deploy a hunt platform.
  • Improve the testing and development of hunting use cases in an easier and more affordable way.
  • Enable Data Science capabilities while analyzing data via Apache Spark, GraphFrames & Jupyter Notebooks.

The framework allows users to customize dashboards based on the data sources they have. It is possible to run Sysmon and osquery on endpoints and collect their logs for threat hunting purposes.
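As an added illustration (not HELK's own code), this is the kind of stacking query a hunter would run from a HELK notebook over Sysmon process-creation events: parent/child pairs are counted across hosts and the rare ones surface as leads. SQLite stands in for Spark SQL here, and the sample records and field names are constructed assumptions, not HELK's actual index mapping.

```python
import sqlite3

# Constructed sample of Sysmon Event ID 1 (process create) records, shaped the
# way a Logstash-parsed Windows event might look once indexed (field names assumed).
SAMPLE_EVENTS = [
    {"host": "ws01", "event_id": 1, "process_parent_name": "explorer.exe", "process_name": "chrome.exe"},
    {"host": "ws02", "event_id": 1, "process_parent_name": "explorer.exe", "process_name": "chrome.exe"},
    {"host": "ws03", "event_id": 1, "process_parent_name": "Explorer.EXE", "process_name": "chrome.exe"},
    {"host": "ws01", "event_id": 1, "process_parent_name": "services.exe", "process_name": "svchost.exe"},
    {"host": "ws02", "event_id": 1, "process_parent_name": "services.exe", "process_name": "svchost.exe"},
    {"host": "ws02", "event_id": 1, "process_parent_name": "WINWORD.EXE", "process_name": "powershell.exe"},
]


def load_events(events):
    """Load parsed Sysmon events into an in-memory SQL table (names lower-cased so
    casing differences between hosts do not split the same pair into two rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sysmon (host TEXT, event_id INTEGER, parent TEXT, child TEXT)")
    conn.executemany(
        "INSERT INTO sysmon VALUES (?, ?, ?, ?)",
        [(e["host"], e["event_id"], e["process_parent_name"].lower(), e["process_name"].lower())
         for e in events],
    )
    return conn


def rare_parent_child_pairs(conn, max_count=1):
    """Stack parent->child pairs across the fleet; pairs seen at most max_count
    times are hunting leads to review, not verdicts (frequency analysis)."""
    rows = conn.execute(
        """
        SELECT parent, child, COUNT(*) AS n, COUNT(DISTINCT host) AS hosts
        FROM sysmon
        WHERE event_id = 1
        GROUP BY parent, child
        HAVING n <= ?
        ORDER BY n, parent, child
        """,
        (max_count,),
    ).fetchall()
    return [{"parent": p, "child": c, "count": n, "hosts": h} for p, c, n, h in rows]


if __name__ == "__main__":
    for lead in rare_parent_child_pairs(load_events(SAMPLE_EVENTS)):
        print(lead)
```

The same GROUP BY / HAVING shape runs unchanged in Spark SQL inside a HELK notebook once the table is the Sysmon index rather than this in-memory stand-in.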

Users may also integrate several open source feeds, such as the AlienVault Open Threat Exchange (OTX), which is the world’s most authoritative open threat information sharing and analysis network.

OTX provides access to a global community of threat researchers and security professionals, with more than 50,000 participants in 140 countries, who contribute over four million threat indicators daily.

You can read more and download this framework over here: https://github.com/Cyb3rWard0g/HELK
