Because of the different environment, we would not use the whole HELK docker package to set up. For example, we do not use logstash or winlogbeat but our own collector, filter and other data sources. All the data would be normalized and saved to Elasticsearch. If I only set up several components, which are Spark, Graphframes and Elasticsearch, to do the same things as HELK (Threat Hunting), I don't know if it has the same effect as HELK.
Thanks.