homepage
Open menu
Contact Sales

SOF-ELK®

SOF-ELK® is a “big data analytics” platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. The platform is a customized build of the open source Elastic stack, consisting of the Elasticsearch storage and search engine, Logstash ingest and enrichment system, Kibana dashboard frontend, and Elastic Beats log shipper (specifically filebeat). With a significant amount of customization and ongoing development, SOF-ELK® users can avoid the typically long and involved setup process the Elastic stack requires. Instead, they can simply download the pre-built and ready-to-use SOF-ELK® virtual appliance that consumes various source data types (numerous log types as well as NetFlow), parsing out the most critical data and visualizing it on several stock dashboards. Advanced users can build visualizations the suit their own investigative or operational requirements, optionally contributing those back to the primary code repository.

By
Phil Hagen
Download
470x382_SOF-ELK_Tools.jpg

The SOF-ELK® platform was initially developed for SANS course FOR572: Advanced Network Forensics and Analysis, and is now used in several other SANS courses, with additional course integrations being considered. Most importantly, the platform is also distributed as a free and open source resource for the community at large, without a specific course requirement or tie-in required to use it.

SOF-ELK is a free resource for the digital forensic and broader information security communities at large — a ready-to-use appliance that teams can use without having to invest the many hours into deploying, configuring, and maintaining an Elastic Stack instance.

Related Content

Blog
OO - Blog - November 2024's Top Threats_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
SANS Threat Analysis Rundown in Review: Breaking Down November 2024’s Top Threats
There’s always plenty of news on cyber threats to discuss, and this month was no exception.
370x370_katie-nickels.jpg
Katie Nickels
read more
Blog
DFIR - Blog - Women In Russian-speaking Cybercrime_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground?
Women’s roles in Russian-speaking cybercrime, though less visible than men’s, are evolving and significant.
Anastasia Sentsova
Anastasia Sentsova
read more
Blog
DFIR - Blog - New FOR518- Mac and iOS Forensic Analysis Poster Update_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
New FOR518: Mac and iOS Forensic Analysis Poster Update
The latest updates to the Digital Forensics and Incident Response Poster bring a wealth of new sections and enhancements.
Kathryn_Hedley_370x370.png
Kathryn Hedley
read more