outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License

Update cobaltstrike logstash to parse DNS beacon #251

Closed. sunnyneo closed this 2 years ago

sunnyneo commented 2 years ago

Add logstash to parse [metadata] unknown <- 192.168.1.1; computer: UXXXX ; user: user; process: beacon.exe; pid: 9243; os: Windows; version: 10.0; build: 19042; beacon arch: x64 (x64)
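The field extraction the logstash change has to perform, written out in Python as an added example (this is not RedELK's logstash config and not the author's code): a single pattern that accepts both the DNS-beacon form from the PR, where the external address is the literal `unknown`, and the form where an IPv4 address is present. The `SAMPLE_HTTP` line and the `is_dns` flag are constructed assumptions for illustration.

```python
import re
from typing import Optional

# Mirrors what a grok pattern for the Cobalt Strike "[metadata]" line must do.
# First token: an IPv4 external address, or "unknown" (the DNS beacon case).
METADATA_RE = re.compile(
    r"\[metadata\]\s+(?P<external_ip>\d{1,3}(?:\.\d{1,3}){3}|unknown)"
    r"\s+<-\s+(?P<internal_ip>\d{1,3}(?:\.\d{1,3}){3});"
    r"\s*computer:\s*(?P<computer>[^;]+?)\s*;"
    r"\s*user:\s*(?P<user>[^;]+?)\s*;"
    r"\s*process:\s*(?P<process>[^;]+?)\s*;"
    r"\s*pid:\s*(?P<pid>\d+)\s*;"
    r"\s*os:\s*(?P<os>[^;]+?)\s*;"
    r"\s*version:\s*(?P<version>[^;]+?)\s*;"
    r"\s*build:\s*(?P<build>\d+)\s*;"
    r"\s*beacon arch:\s*(?P<arch>\S+)\s*\((?P<process_arch>[^)]+)\)"
)


def parse_beacon_metadata(line: str) -> Optional[dict]:
    """Return the metadata fields as a dict, or None if the line does not match."""
    m = METADATA_RE.search(line)  # search, so a leading timestamp is tolerated
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    fields["build"] = int(fields["build"])
    # Assumption: "unknown" marks a DNS beacon (the case this PR adds). Normalise
    # the missing address to None instead of storing the literal string.
    fields["is_dns"] = fields["external_ip"] == "unknown"
    if fields["is_dns"]:
        fields["external_ip"] = None
    return fields


# Constructed samples: the first is the line quoted in the PR, the second is a
# made-up non-DNS line with an external address, for comparison.
SAMPLE_DNS = ("[metadata] unknown <- 192.168.1.1; computer: UXXXX ; user: user; "
              "process: beacon.exe; pid: 9243; os: Windows; version: 10.0; "
              "build: 19042; beacon arch: x64 (x64)")
SAMPLE_HTTP = ("[metadata] 203.0.113.5 <- 10.0.0.7; computer: WS01; user: alice; "
               "process: rundll32.exe; pid: 4120; os: Windows; version: 10.0; "
               "build: 19045; beacon arch: x64 (x64)")

if __name__ == "__main__":
    for line in (SAMPLE_DNS, SAMPLE_HTTP):
        print(parse_beacon_metadata(line))
```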