🚀 ElasticSecOpsCoPilot — Autonomous IOC Enrichment for Elastic Security
Shresth Paul (@secbyshresth)

Publish Date: Nov 19

I just released ElasticSecOpsCoPilot, a Python-powered engine that continuously enriches IOCs pulled from Elastic Security data.

🔥 What It Does

  • Extracts IOCs from the logs-* and events-* index patterns
  • Enriches them using:
    • VirusTotal
    • AbuseIPDB
    • Shodan
    • WHOIS
    • IPLocation.net
  • Writes structured enriched documents back into Elasticsearch

🧠 Why I Built It
Most SOCs don’t have continuous enrichment pipelines, especially small/medium teams relying heavily on Elastic Security. This tool closes that gap with:

  • Real-time enrichment loop
  • Rate-limited API calls
  • Lightweight document schemas
  • Zero vendor lock-in
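
As an added illustration of the extract, rate-limit, enrich and write-back loop described above (this is not code from ElasticSecOpsCoPilot itself), here is a minimal offline version of the pipeline. The sample events, the index names, the internal-range filter and the provider stubs are constructed assumptions; a real provider function would call the VirusTotal or AbuseIPDB API with your key, and the returned documents would be bulk-indexed into a dedicated enrichment index.

```python
import ipaddress, re, time
# Constructed sample events in an ECS-like shape (not data from the project).
SAMPLE_DOCS = [
    {"_index": "logs-network.default", "message": "conn 10.0.0.5 -> 198.51.100.23:443"},
    {"_index": "logs-dns.default", "message": "bad.example.com resolved to 198.51.100.23 for 10.0.0.5"},
    {"_index": "events-endpoint", "message": "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]
PATTERNS = {"ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
            "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
            "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)}
# RFC 1918 and loopback ranges are skipped: sending them to third-party APIs leaks your topology.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal_ip(value: str) -> bool:
    try:
        return any(ipaddress.ip_address(value) in net for net in INTERNAL)
    except ValueError:  # the regex also matches junk such as 999.1.1.1; drop that too
        return True

def extract_iocs(docs) -> dict[tuple, set]:  # (type, value) -> source indices, deduplicated
    found = {}
    for doc in docs:
        for kind, pat in PATTERNS.items():
            for value in pat.findall(doc.get("message", "")):
                if kind != "ip" or not is_internal_ip(value):
                    found.setdefault((kind, value.lower()), set()).add(doc["_index"])
    return found

class RateLimiter:  # spaces calls period/calls seconds apart, e.g. 4 per minute on a free tier
    def __init__(self, calls: int, period: float, clock=time.monotonic, sleep=time.sleep):
        self.interval, self.clock, self.sleep, self.last = period / calls, clock, sleep, None
    def wait(self) -> float:
        now = self.clock()
        delay = 0.0 if self.last is None else max(0.0, self.last + self.interval - now)
        self.sleep(delay)
        self.last = now + delay
        return delay

# One Elasticsearch-ready document per IOC; a failing provider is recorded, not fatal.
def enrich(iocs: dict, providers: dict, limiter: RateLimiter) -> list[dict]:
    out = []
    for (kind, value), sources in sorted(iocs.items()):
        enrichment = {}
        for name, lookup in providers.items():
            limiter.wait()  # every outbound lookup goes through the limiter
            try:
                enrichment[name] = lookup(kind, value)
            except Exception as exc:
                enrichment[name] = {"error": str(exc)}
        out.append({"ioc": {"type": kind, "value": value}, "source_indices": sorted(sources), "enrichment": enrichment})
    return out
```

Passing an injectable clock and sleep lets you unit-test the limiter without waiting on real time, which is also how you would verify quota handling before pointing it at a paid API.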

🛠️ Tech Stack
Python, Elastic Cloud Serverless, VirusTotal API, AbuseIPDB, Shodan, free Geo IP APIs.

📦 Repo
👉 https://github.com/SecByShresth/ElasticSecOpsCoPilot
