Automating ELK Health Check

A little project I started to learn Go, "ELK_Health_Check", is now on my GitHub page: a script that automates some of the basic troubleshooting tasks used to locate issues in an Elasticsearch cluster.


Last updated 3 years ago

Introduction

While I am not a programmer, scripting has always been a must-have skill in cybersecurity and a way to upgrade my skillset, and Go is gaining popularity, especially among cybersecurity professionals, for reasons I won't be discussing in this blog post. So, as a start, I tried to address my own needs in troubleshooting Elasticsearch clusters by automating some of the frequent checks in Go, since the Elastic Stack is my favorite set of tools for threat hunting.

GitHub project repository: ELK Health Check

This is a script that runs multiple basic checks on the health of an Elasticsearch cluster and saves everything to text files. The script runs the following checks:

  1. Detects unavailable nodes, based on the number of nodes you say your cluster should have.

  2. Checks index status (Green, Yellow, Red) and warns you if it detects Yellow or Red indices.

  3. Verifies the cluster's health using the _cluster/health API call.

  4. Checks allocation status using the _cat/allocation API call.

  5. Looks for unassigned shards and warns you about them.

  6. Creates a folder in the current path and saves every output to files for later use.

For the moment, this script only supports cluster nodes that use TLS.
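To show what these checks look like in code, here is an added example written for this page in Go; it is not the ELK_Health_Check script itself and does not reproduce its code. It parses the JSON body of `_cluster/health` and the text output of `_cat/indices`, compares the reported node count with the number of nodes the operator expects, and flags non-green cluster status, yellow or red indices and unassigned shards (the `_cat/allocation` check is not modelled). The two API bodies are constructed samples embedded in the code so it runs offline; the `NewTLSClient` helper is an assumption about how a TLS-only script could pin the cluster's CA instead of disabling certificate verification.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ClusterHealth holds the fields of the _cluster/health response used by the checks below.
type ClusterHealth struct {
	ClusterName      string `json:"cluster_name"`
	Status           string `json:"status"`
	NumberOfNodes    int    `json:"number_of_nodes"`
	UnassignedShards int    `json:"unassigned_shards"`
}

// Finding is one warning raised by a check.
type Finding struct {
	Check   string
	Message string
}

// Constructed _cluster/health body; not captured from a real cluster.
const sampleClusterHealth = `{"cluster_name":"soc-elk","status":"yellow","number_of_nodes":2,"unassigned_shards":3}`

// Constructed output of GET _cat/indices?h=health,status,index; not captured from a real cluster.
const sampleCatIndices = `green  open winlogbeat-7.10.0-2021.03.01
yellow open filebeat-7.10.0-2021.03.01
red    open packetbeat-7.10.0-2021.03.01
`

// ParseClusterHealth decodes the JSON body of a _cluster/health call.
func ParseClusterHealth(body string) (ClusterHealth, error) {
	var h ClusterHealth
	if err := json.Unmarshal([]byte(body), &h); err != nil {
		return h, fmt.Errorf("decoding _cluster/health: %w", err)
	}
	if h.Status == "" {
		return h, errors.New("_cluster/health response has no status field")
	}
	return h, nil
}

// CheckCluster flags a non-green cluster, nodes missing against the count the
// operator expects, and unassigned shards. Findings are returned in that order.
func CheckCluster(h ClusterHealth, expectedNodes int) []Finding {
	var out []Finding
	if h.Status != "green" {
		out = append(out, Finding{"cluster", fmt.Sprintf("cluster %s status is %s", h.ClusterName, h.Status)})
	}
	if h.NumberOfNodes < expectedNodes {
		out = append(out, Finding{"nodes", fmt.Sprintf("%d of %d expected nodes are reachable", h.NumberOfNodes, expectedNodes)})
	}
	if h.UnassignedShards > 0 {
		out = append(out, Finding{"shards", fmt.Sprintf("%d unassigned shards", h.UnassignedShards)})
	}
	return out
}

// CheckIndices parses _cat/indices text ("health status index" per line) and flags yellow or red indices.
func CheckIndices(cat string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(cat))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 3 {
			continue // blank or malformed line
		}
		if health := fields[0]; health == "yellow" || health == "red" {
			out = append(out, Finding{"index", fmt.Sprintf("index %s is %s", fields[2], health)})
		}
	}
	return out
}

// RunChecks runs every check over already-fetched API bodies.
func RunChecks(healthBody, catIndices string, expectedNodes int) ([]Finding, error) {
	h, err := ParseClusterHealth(healthBody)
	if err != nil {
		return nil, err
	}
	return append(CheckCluster(h, expectedNodes), CheckIndices(catIndices)...), nil
}

// NewTLSClient (assumed helper) builds an HTTPS client that trusts only the cluster's own CA,
// so a TLS-only script never has to fall back to InsecureSkipVerify. caPEM is the CA bundle.
func NewTLSClient(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificates found in PEM input")
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}
	return &http.Client{Transport: tr}, nil
}

func main() {
	// Against a live cluster, a client from NewTLSClient would GET https://<node>:9200/_cluster/health
	// and /_cat/indices?h=health,status,index; here the constructed samples stand in for those bodies.
	findings, err := RunChecks(sampleClusterHealth, sampleCatIndices, 3)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("[%s] %s\n", f.Check, f.Message)
	}
}
```

With the sample bodies and an expected node count of 3, the run reports five findings: a yellow cluster, two of three nodes reachable, three unassigned shards, and one yellow plus one red index. Each check returns its findings instead of printing them so the same functions can feed the text files the script writes, or an alert.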

https://github.com/H1L021/ELK_Health_Check
[Screenshot: Running ELK Health Check]