These are a few SOF-ELK dashboards that I've built and found useful for DFIR cases. You're welcome to use them or suggest updates via pull request.
Most of these dashboards came out of cloud log analysis work; I hope to add dashboards for other log sources as I get time to create them.
One set of dashboards is for the current version of SOF-ELK, which uses the Elastic Common Schema (ECS).
The other set is for the pre-ECS version of SOF-ELK, before it was upgraded to use the Elastic Common Schema (ECS). Use the set that matches your SOF-ELK version: the two schemas use different field names, so a dashboard built for one will not populate against indices in the other.