Blue Baron is a set of Terraform modules that aims to automate the creation of resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
Authors: John Torakis (@operatorequals), Giannis Christinakis (@gian2dchris)
The initial inspiration comes from the following blog posts:
- Beat's blog post on Cloud-Native Kubernetes SIEM - Security Sky-Gazing
- SpecterOps' HELK blog post - What the HELK? SIGMA integration via Elastalert
- Security Shenanigans' blog post on building an open-source SIEM - Building an open-source SIEM: combining ELK, Wazuh HIDS and Elastalert for optimal performance
The name and the artwork are based on byt3bl33d3r's Red-Baron, the Mecca of Red Team Infrastructure.
Blue Baron works with Terraform version 0.13.x or newer.
Navigate to examples/ for instructions on deploying Blue-Baron environments on:
- Bare-Metal and Minimum
- AWS
- Azure
The Blue Baron repository is licensed under the GNU General Public License v3.0.