Elk Detection Lab Save

An ELK environment containing interesting security datasets.

Project README

ELK Detection Lab

An ELK environment loaded with the following datasets:

Thanks to the authors of the datasets as well as:


You need at least:

  • a working Docker CE installation with docker-compose
  • 8 GB free disk space
  • 2 GB RAM for a reasonable Elasticsearch performance


Clone this repository and the dataset submodules with:

git clone --recurse-submodules https://github.com/thomaspatzke/elk-detection-lab.git

Run this command to start the ELK environment and import the datasets:

./elk-detection-lab.sh init

Wait at least until the document count of all winlogbeat-* and filebeat-* indices stops to increase which can take several 10 minutes.

After this was run once, the ELK environment can be started without importing the data again:

./elk-detection-lab.sh run


Open the local Kibana in your browser.

The Windows log data starts in November 2018 and the field naming follows the ECS scheme and Winlogbeat 7 conventions.

The data created from the malware-traffic-analysis.net PCAPs is located in the index filebeat-* and goes back to 2013. Please adjust the Kibana time range accordingly.

Open Source Agenda is not affiliated with "Elk Detection Lab" Project. README Source: thomaspatzke/elk-detection-lab
Open Issues
Last Commit
2 years ago

Open Source Agenda Badge

Open Source Agenda Rating