The RedELK client components using Ansible, a powerful automation tool that streamlines the installation and management of cybersecurity monitoring systems.
As RedELK enhances the capabilities of red teaming operations by aggregating data and providing insightful analytics, mastering its deployment is crucial for effective cybersecurity defenses.
We’ll detail the necessary configurations, dependencies, and steps to successfully integrate RedELK into your security infrastructure.
The following variables can be modified:
| Key | Type | Default | Description |
|---|---|---|---|
| attack_scenario | string | "redteam" | Name of the red team attack scenario. Currently only one name is supported |
| es_deploy_beats | list | ["filebeat"] | Set which beats to deploy (possible values: filebeat / apm-server / auditbeat / heartbeat / metricbeat / nagioscheckbeat / packetbeat) |
| es_version | string | "7.16.3" | Elastic version |
| optsec_dir | string | "/opt" | Base directory for components install (where customer data will be stored) – allows to store on an encrypted partition/disk |
| redelk_cert_path | string | "certificates/redelk" | Local path to store RedELK certificates. This should match the value of redelk_cert_path in redelk-server role. |
| redelk_server_host | string | "localhost" | Hostname or IP of the RedELK server (used for filebeat destination) |
| redelk_user | string | "redelk" | RedELK SSH username (used to sync data between RedELK monitoring server and the clients) |
| ssh_keys_path | string | "ssh_keys" | Local path to store ssh keys |
There is no specific dependency for this module.
- name: Apply redelk-client role to teamservers
hosts: teamservers
gather_facts: True
tags:
- teamservers
roles:
- redelk-client
- name: Apply redelk-client role to redirectors
hosts: redirectors
gather_facts: True
tags:
- redirectors
roles:
- redelk-client[monitoring]
redelk-server ansible_user=rtoperator ansible_host=192.168.20.150 ansible_become_password=redelk type=monitoring
[teamservers]
c2-01 ansible_user=rtoperator ansible_host=192.168.20.151 ansible_become_password=redelk type=c2
[redirectors]
redir-01 ansible_user=rtoperator ansible_host=192.168.20.152 ansible_become_password=redelk type=redirectorFlutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime. Currently, the application supports…
Welcome to FLARE-VM - a collection of software installations scripts for Windows systems that allows…
AWS IAM Username Enumerator and Password Spraying Tool in Python3 In order to use the…
A data hoarder’s dream come true: bundle any web page into a single HTML file.…
This repo contains all variants of information security & Bug bounty & Penetration Testing write-up…
site:*/sign-in site:*/account/login site:*/forum/ucp.php?mode=login inurl:memberlist.php?mode=viewprofile intitle:"EdgeOS" intext:"Please login" inurl:user_login.php intitle:"Web Management Login" site:*/users/login_form site:*/access/unauthenticated site:account.*.*/login site:admin.*.com/signin/…