SOF-ELK

SOF-ELK (Security Operations and Forensics Elasticsearch, Logstash, Kibana) is a pre-configured virtual machine to be used within one of SANS’s forensics classes.

https://github.com/philhagen/sof-elk

https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/