New alarm: raise an alarm when traffic hits any redirector backend whose name contains 'alarm'. This allows for more flexible and smarter redirector logic.
Chained X-Forwarded-For IPs are now also stored, in the field source.ip_otherproxies of the redirtraffic index.
Outflank Security Tooling specific: Stage1 C2 operator name is recorded.
Outflank Security Tooling specific: data from BlueCheck CertCheck, BlueCheck PasswordChangeCheck and BlueCheck SecurityToolCheck is now properly stored in Elasticsearch.
Logstash config is now mounted by default, allowing for easier modification of the config.
Template updates.
Fixed bug in the storage of the www-data/c2logs directory.
Fixed bug so that email alarms work again.
Several smaller bugfixes.
v2.0.0-beta.5
2 years ago
Version 2.0.0 BETA5
log4shell fix: bumped the ELK stack to 7.16.3
Further Docker and memory tuning
Moved GreyNoise support to the community API and allowed a custom API key in the config file
Fixed bug caused by the updated APIs for the VirusTotal and IBM X-Force alarms
Fixed bug to make domain classification via Chameleon.py work again
Moved Filebeat config files to the config directory for easier support of multiple C2s on the same machine
Installer script enhancements, among other things to check whether accounts already exist on the elkserver
Numerous enhancements for easier development, e.g. pylint and the Kibana port accessible from localhost
Many bug fixes
v2.0.0-beta.4
3 years ago
Version 2.0.0 BETA4
Many bug fixes
Migrated background enrichment and alarm scripts to the new modular setup
Added support for Cobalt Strike 4.2 and 4.3
Added a sample data ingestor when running in dev mode
Made sure the Kibana saved searches Red Team Operations and Redirector Traffic are presented at the top of the list
Included an ES password import for Jupyter notebooks
Maximized the logging of Docker logs
Migrated to the official Neo4j container instead of the old BloodHound container
Updated the RedELK Kibana app to include management of IP lists inside Kibana
What's new?
Updates release notes for v2 beta4 @MarcOverIP (#168)