The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.
This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.
Goals of HELK Open Source Threat Hunting Platform
- Provide an open-source hunting platform to the community and share the basics of Threat Hunting.
- Expedite the time it takes to deploy a hunting platform.
- Improve the testing and development of hunting use cases in an easier and more affordable way.
- Enable Data Science capabilities while analyzing data via Apache Spark, GraphFrames & Jupyter Notebooks.
Installing HELK Open Source Threat Hunting Platform
You can start playing with the HELK in a few steps:
Step 1, download:
|
1 |
git clone https://github.com/Cyb3rWard0g/HELK.git |
Step 2, install:
|
1 2 |
cd HELK/ sudo ./helk_install.sh |
You can download HELK here:
Or read more here.