Merge pull request #409 from neu5ron/hot_fixes

new images

docker/helk-base/Dockerfile

@@ -3,7 +3,7 @@
 # Author: Roberto Rodriguez (@Cyb3rWard0g)
 # License: GPL-3.0
 
-FROM phusion/baseimage:0.11
+FROM phusion/baseimage:latest
 LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
 LABEL description="Dockerfile HELK Base Image.."
 

docker/helk-elastalert/Dockerfile

@@ -7,7 +7,7 @@
 # https://github.com/Yelp/elastalert/blob/master/Dockerfile-test
 # https://jordanpotti.com/2017/12/22/using-elastalert-to-help-automate-threat-hunting/
 
-FROM cyb3rward0g/helk-base:0.0.3
+FROM otrf/helk-base:0.0.4
 LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
 LABEL description="Dockerfile base for the HELK Elastalert."
 
@@ -37,12 +37,14 @@ RUN apt-get update -qq && apt-get install -qqy --no-install-recommends \
   && bash -c 'mkdir -pv /etc/elastalert/rules' \
   && cd ${ESALERT_HOME} \
   && sudo pip3 install --upgrade pip \
+  && sudo pip3 install --upgrade setuptools \
   && pip3 install urllib3 \
+  && pip3 install -U enum34 \
   && pip3 install -r requirements.txt \
   && python3 setup.py install \
   # ********* Download SIGMA *******************
-  && git clone https://github.com/Cyb3rWard0g/sigma.git ${ESALERT_SIGMA_HOME} \
-  && pip3 install -r ${ESALERT_SIGMA_HOME}/tools/requirements.txt
+  && pip3 install -U sigmatools \
+  && git clone https://github.com/Cyb3rWard0g/sigma.git ${ESALERT_SIGMA_HOME}
 
 # ********* Copy Elastalert files **************
 COPY scripts/* ${ESALERT_HOME}/

docker/helk-elastalert/scripts/pull-sigma.sh

@@ -85,8 +85,8 @@ for  rule_category in rules/windows/* ; do
                     continue
                 else
                     echo "[+++] Processing Windows process creation rule: $rule .."
-                    tools/sigmac -t elastalert -c tools/config/generic/sysmon.yml -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) "$rule"
-                    tools/sigmac -t elastalert -c tools/config/generic/windows-audit.yml -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) "$rule"
+                    sigmac -t elastalert -c tools/config/generic/sysmon.yml -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) "$rule"
+                    sigmac -t elastalert -c tools/config/generic/windows-audit.yml -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) "$rule"
                     rule_counter=$[$rule_counter +1]
                 fi
             fi
@@ -97,7 +97,7 @@ for  rule_category in rules/windows/* ; do
                 continue
             else
                 echo "[+++] Processing additional Windows rule: $rule .."
-                tools/sigmac -t elastalert -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) $rule
+                sigmac -t elastalert -c sigmac-config.yml -o $ESALERT_HOME/rules/sigma_$(basename $rule) $rule
                 rule_counter=$[$rule_counter +1]
             fi
         done

docker/helk-kafka-base/Dockerfile

@@ -3,7 +3,7 @@
 # Author: Roberto Rodriguez (@Cyb3rWard0g)
 # License: GPL-3.0
 
-FROM cyb3rward0g/helk-base:0.0.3
+FROM otrf/helk-base:0.0.4
 LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
 LABEL description="Dockerfile base for the HELK Kafka."
 

docker/helk-kafka-broker/Dockerfile

@@ -3,7 +3,7 @@
 # Author: Roberto Rodriguez (@Cyb3rWard0g)
 # License: GPL-3.0
 
-FROM cyb3rward0g/helk-kafka-base:2.2.0
+FROM otrf/helk-kafka-base:2.3.0
 LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
 LABEL description="Dockerfile base for the HELK Kafka Broker."
 

docker/helk-kibana-analysis-alert-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    build: helk-logstash/
+    image: docker.elastic.co/logstash/logstash:7.5.1
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -82,7 +82,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -105,7 +105,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -118,7 +118,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"
@@ -184,7 +184,7 @@ services:
     networks:
       helk:
   helk-elastalert:
-    image: cyb3rward0g/helk-elastalert:0.2.5
+    image: otrf/helk-elastalert:0.2.6
     container_name: helk-elastalert
     logging:
       driver: "json-file"

docker/helk-kibana-analysis-alert-trial.yml

@@ -88,7 +88,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -108,7 +108,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -121,7 +121,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    build: helk-kafka-broker/
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"
@@ -187,7 +187,7 @@ services:
     networks:
       helk:
   helk-elastalert:
-    build: helk-elastalert/
+    image: otrf/helk-elastalert:0.2.6
     container_name: helk-elastalert
     logging:
       driver: "json-file"

docker/helk-kibana-analysis-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    build: helk-logstash/
+    image: docker.elastic.co/logstash/logstash:7.5.1
     container_name: helk-logstash
     volumes:
       - ./helk-logstash/pipeline:/usr/share/logstash/pipeline
@@ -72,7 +72,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     secrets:
       - source: htpasswd.users
@@ -90,15 +90,15 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     restart: always
     depends_on:
       - helk-logstash
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     restart: always
     depends_on:

docker/helk-kibana-analysis-trial.yml

@@ -88,7 +88,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -108,7 +108,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -121,7 +121,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"

docker/helk-kibana-notebook-analysis-alert-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    build: helk-logstash/
+    image: docker.elastic.co/logstash/logstash:7.5.1
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -82,7 +82,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -105,7 +105,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -118,7 +118,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"
@@ -202,7 +202,7 @@ services:
     networks:
       helk:
   helk-spark-master:
-    image: cyb3rward0g/helk-spark-master:2.4.3
+    image: otrf/helk-spark-master:2.4.4
     container_name: helk-spark-master
     logging:
       driver: "json-file"
@@ -220,7 +220,7 @@ services:
     networks:
       helk:
   helk-spark-worker:
-    image: cyb3rward0g/helk-spark-worker:2.4.3
+    image: otrf/helk-spark-worker:2.4.4
     container_name: helk-spark-worker
     logging:
       driver: "json-file"
@@ -238,7 +238,7 @@ services:
     networks:
       helk:
   helk-elastalert:
-    image: cyb3rward0g/helk-elastalert:0.2.5
+    image: otrf/helk-elastalert:0.2.6
     container_name: helk-elastalert
     logging:
       driver: "json-file"

docker/helk-kibana-notebook-analysis-alert-trial.yml

@@ -88,7 +88,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -109,7 +109,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -122,7 +122,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"
@@ -206,7 +206,7 @@ services:
     networks:
       helk:
   helk-spark-master:
-    image: cyb3rward0g/helk-spark-master:2.4.3
+    image: otrf/helk-spark-master:2.4.4
     container_name: helk-spark-master
     logging:
       driver: "json-file"
@@ -224,7 +224,7 @@ services:
     networks:
       helk:
   helk-spark-worker:
-    image: cyb3rward0g/helk-spark-worker:2.4.3
+    image: otrf/helk-spark-worker:2.4.4
     container_name: helk-spark-worker
     logging:
       driver: "json-file"
@@ -242,7 +242,7 @@ services:
     networks:
       helk:
   helk-elastalert:
-    image: cyb3rward0g/helk-elastalert:0.2.5
+    image: otrf/helk-elastalert:0.2.6
     container_name: helk-elastalert
     logging:
       driver: "json-file"

docker/helk-kibana-notebook-analysis-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    build: helk-logstash/
+    image: docker.elastic.co/logstash/logstash:7.5.1
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -82,7 +82,7 @@ services:
     networks:
       helk:
   helk-nginx:
-    image: cyb3rward0g/helk-nginx:0.0.7
+    image: otrf/helk-nginx:0.0.8
     container_name: helk-nginx
     logging:
       driver: "json-file"
@@ -105,7 +105,7 @@ services:
     networks:
       helk:
   helk-zookeeper:
-    image: cyb3rward0g/helk-zookeeper:2.2.0
+    image: otrf/helk-zookeeper:2.3.0
     container_name: helk-zookeeper
     logging:
       driver: "json-file"
@@ -118,7 +118,7 @@ services:
     networks:
       helk:
   helk-kafka-broker:
-    image: cyb3rward0g/helk-kafka-broker:2.2.0
+    image: otrf/helk-kafka-broker:2.3.0
     container_name: helk-kafka-broker
     logging:
       driver: "json-file"
@@ -202,7 +202,7 @@ services:
     networks:
       helk:
   helk-spark-master:
-    image: cyb3rward0g/helk-spark-master:2.4.3
+    image: otrf/helk-spark-master:2.4.4
     container_name: helk-spark-master
     logging:
       driver: "json-file"
@@ -220,7 +220,7 @@ services:
     networks:
       helk:
   helk-spark-worker:
-    image: cyb3rward0g/helk-spark-worker:2.4.3
+    image: otrf/helk-spark-worker:2.4.4
     container_name: helk-spark-worker
     logging:
       driver: "json-file"