outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License
2.39k stars 372 forks

Support for Sliver C2 #220

Open hypnoticpattern opened 2 years ago

hypnoticpattern commented 2 years ago

Add support for ingesting Sliver logs into RedELK. The Audit Logs are in nested-JSON format designed to be primarily machine readable.

MarcOverIP commented 2 years ago

Thanks for bringing this to our attention. We are limited in time so I don't see us picking this up in the very near future. Happy to help you though with questions if you decide to start with this yourself!

There is a walkthrough on adding a new C2 framework to RedELK on the wiki: https://github.com/outflanknl/RedELK/wiki/Red-team-tooling-support#adding-support-for-other-c2-frameworks

runesage commented 1 year ago

Has there been any progress on this? Was curious about leveraging this as a part of a red vs blue exercise since Sliver is the more popular tooling for the event.

MarcOverIP commented 1 year ago

Dev is ongoing and tracked in #267