HELK (The Hunting ELK)
Tool and Usage
- BSD 3-clause
- Roberto Rodriguez
- Latest release
- Latest release date
Why this tool?
The main purpose to use HELK is to do analytic research on data, which are typically the events coming from your systems. Suspicious events could be discovered by doing so-called threat hunting. It may give additional insights about the existing infrastructure and required security defenses.
Usage and audience
HELK is commonly used for system monitoring, threat discovery, or threat hunting. Target users for this tool are security professionals.
- Tool allows multiple integrations
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Supported operating systems
HELK is known to work on Linux.
Similar tools to HELK:
Rastrea2r is a threat hunting utility for indicators of compromise (IOC) and can be used by SOC analysts and incident responders. Learn how it works in this review.
MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.
Sqhunter performs threat hunting in your environment. It runs on the salt master node and queries open network sockets, among other information.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
This tool is categorized as a threat hunting tool.