Update README.md

This project is created due to the necessity of easily adding downloaded events from KYPO portal into local ELK instance for further analysis.

## Requirements

Tested with:

Tested with (should also work with higher versions):

| Technology | Version |

| :---: | :---: |

## Library Usage

Just place the data from selected KYPO event (portal events and bash actions), e.g., `echo - Kobylka 3302`. Then go to the folder with `insert-events.sh` file and run the `insert-events.sh` script as follows (please read the next instructions about file naming convention for audit events):

```

$ ./insert-events.sh "PATH-To-YOUR-KYPO-PORTAL-EVENTS-FOLDER" "PATH-To-YOUR-KYPO-PORTAL-BASH-HISTORY-COMMANDS-DIR"

$ ./insert-events.sh "PATH-TO-YOUR-KYPO-EVENT-FOLDER"

```

e.g.,

```

$ ./insert-events.sh "/home/seda/kypo-events/echo - Kobylka 3302" "/home/seda/kypo-events/logs_dir"

$ ./insert-events.sh "/home/seda/kypo-events/echo - Kobylka 3302"

```

Where the content inside `echo - Kobylka 3302 is` as follows:

Where the data directory of, e.g., `echo - Kobylka 3302 is` must be structured as follows:

![kypo-events-folder](https://gitlab.fi.muni.cz/kypolab/elk-portal-events/-/wikis/uploads/fbebce89ba112084a6ccd9989440f51f/echo_Kobylka_content.PNG)

and `BASH-HISTORY-COMMANDS-DIR` is as follows:

![kypo-events-folder](https://gitlab.fi.muni.cz/kypolab/elk-portal-events/-/wikis/uploads/a7ffbfdab1d257709f4d54b965fea770/image.png)

![kypo-bash-history-logs-folder](https://gitlab.fi.muni.cz/kypolab/elk-portal-events/-/wikis/uploads/841b46098f7b1d42a2b6812b0148875a/image.png)

on the root level the `training_definition-id*.json` have to be placed and these two folders: (i) `command histories` and (ii) `training events`.

This script basically goes through all the files in the given directories and inside it search for files that match the pattern `*-events.json` or `*-useractions.json` and inserts all the content of those files under the correct index into local Elasticsearch instance running on port 9200.

where directory `command histories` is, e.g., as follows:

![kypo-bash-history-logs-folder](https://gitlab.fi.muni.cz/kypolab/elk-portal-events/-/wikis/uploads/841b46098f7b1d42a2b6812b0148875a/image.png)

### Inserting just kypo portal events or kypo bash history commands

If you want to insert just `kypo portal events` run the script as follows:

and `training events`, e.g., is as follows:

```

$ ./insert-events.sh "PATH-TO-YOUR-KYPO-PORTAL-EVENTS-FOLDER" ""

```

Otherwise, if you want to insert just `kypo bash history commands` run the script as follows:

```

$ ./insert-events.sh "" "PATH-TO-YOUR-KYPO-PORTAL-BASH-HISTORY-COMMANDS-DIR"

```

![kypo-events-folder](https://gitlab.fi.muni.cz/kypolab/elk-portal-events/-/wikis/uploads/fbebce89ba112084a6ccd9989440f51f/echo_Kobylka_content.PNG)

### Inserting training definition

It is appropriate to insert also training definition data as follows:

```

$ ./insert-td.sh "PATH-TO-YOUR-FOLDER-WITH-TRAINING-DEFINITION"

```

This script basically goes through all the files in the given directories and inside it search for files that match the pattern `*-events.json` or `*-useractions.json` and inserts all the content of those files under the correct index into local Elasticsearch instance running on port 9200.

## Checking the Data in ELK