This page covers deploying the RedELK client components with Ansible, an automation tool that streamlines the installation and management of security monitoring systems.
Because RedELK enhances red teaming operations by aggregating data and providing insightful analytics, mastering its deployment is crucial for effective cybersecurity defenses.
We detail the necessary configurations, dependencies, and steps to successfully integrate RedELK into your security infrastructure.
The following variables can be modified:
Key | Type | Default | Description |
---|---|---|---|
attack_scenario | string | "redteam" | Name of the red team attack scenario. Currently only one name is supported |
es_deploy_beats | list | ["filebeat"] | Set which beats to deploy (possible values: filebeat / apm-server / auditbeat / heartbeat / metricbeat / nagioscheckbeat / packetbeat ) |
es_version | string | "7.16.3" | Elastic version |
optsec_dir | string | "/opt" | Base directory for components install (where customer data will be stored) – allows to store on an encrypted partition/disk |
redelk_cert_path | string | "certificates/redelk" | Local path to store RedELK certificates. This should match the value of redelk_cert_path in the redelk-server role. |
redelk_server_host | string | "localhost" | Hostname or IP of the RedELK server (used for filebeat destination) |
redelk_user | string | "redelk" | RedELK SSH username (used to sync data between RedELK monitoring server and the clients) |
ssh_keys_path | string | "ssh_keys" | Local path to store ssh keys |
There is no specific dependency for this module.
Example playbook:

```yaml
- name: Apply redelk-client role to teamservers
  hosts: teamservers
  gather_facts: True
  tags:
    - teamservers
  roles:
    - redelk-client

- name: Apply redelk-client role to redirectors
  hosts: redirectors
  gather_facts: True
  tags:
    - redirectors
  roles:
    - redelk-client
```
Example inventory:

```ini
[monitoring]
redelk-server ansible_user=rtoperator ansible_host=192.168.20.150 ansible_become_password=redelk type=monitoring

[teamservers]
c2-01 ansible_user=rtoperator ansible_host=192.168.20.151 ansible_become_password=redelk type=c2

[redirectors]
redir-01 ansible_user=rtoperator ansible_host=192.168.20.152 ansible_become_password=redelk type=redirector
```
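As an added example (not RedELK project code), a small checker for the inventory and role variables above: it parses the INI-style inventory, verifies that each host's `type` matches its group, flags become passwords kept in plaintext instead of a vault variable, and rejects `es_deploy_beats` values the role does not document. The group-to-type mapping and the allowed beat list are taken from this page; the sample inventory is constructed.

```python
import shlex

# Inventory group -> expected host "type" value, as used on this page.
EXPECTED_TYPE = {"monitoring": "monitoring", "teamservers": "c2", "redirectors": "redirector"}
# Values the redelk-client role documents for es_deploy_beats.
ALLOWED_BEATS = {"filebeat", "apm-server", "auditbeat", "heartbeat",
                 "metricbeat", "nagioscheckbeat", "packetbeat"}


def parse_inventory(text):
    """Return {group: {host: {var: value}}} for a plain INI-style Ansible inventory.

    Only [group] headers and 'host key=value ...' lines are handled
    (no [group:vars] / [group:children] sections)."""
    groups, current = {"ungrouped": {}}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, {})
            continue
        host, *pairs = shlex.split(line)  # shlex keeps quoted '{{ var }}' values intact
        groups[current][host] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return groups


def check_inventory(text):
    """Return a list of findings (empty means the inventory looks consistent)."""
    findings = []
    for group, hosts in parse_inventory(text).items():
        for host, hv in hosts.items():
            expected = EXPECTED_TYPE.get(group)
            if expected and hv.get("type") != expected:
                findings.append(f"{host}: type={hv.get('type')!r} but group [{group}] expects {expected!r}")
            pw = hv.get("ansible_become_password")
            if pw is not None and not pw.startswith("{{"):  # literal, not a vault/Jinja reference
                findings.append(f"{host}: ansible_become_password stored in plaintext; move it to ansible-vault")
    return findings


def check_role_vars(role_vars):
    """Flag es_deploy_beats entries the redelk-client role does not support."""
    bad = [b for b in role_vars.get("es_deploy_beats", []) if b not in ALLOWED_BEATS]
    return [f"es_deploy_beats: unsupported value {b!r}" for b in bad]


# Constructed sample: one host in the wrong group, one plaintext password, one vaulted one.
SAMPLE_INVENTORY = """
[monitoring]
redelk-server ansible_user=rtoperator ansible_host=192.168.20.150 ansible_become_password=redelk type=monitoring
[teamservers]
c2-01 ansible_user=rtoperator ansible_host=192.168.20.151 ansible_become_password='{{ vault_become }}' type=redirector
"""
```

Running `check_inventory(SAMPLE_INVENTORY)` reports the plaintext password on redelk-server and the type mismatch on c2-01, while the vaulted reference passes.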