It’s time to master your data. This course will teach you how to use the Elasticsearch, Logstash, and Kibana (ELK) to build your own IDS console, investigation platform, or security analysis lab. You must master your data If you want to catch bad guys and find evil. But, how can you do that? That’s where the ELK stack comes in. ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.
Syllabus
- Elasticsearch: How data is stored and indexed. Working with JSON documents.
- Logstash: How to collect and manipulate structured and unstructured data.
- Kibana: Techniques for searching data and building useful visualizations and dashboards.
- Beats: Use the agent to ship data from endpoints and servers to your ELK systems.
- HTTP Proxy Logs
- File-Based Logs (Unix, auth, and application logs)
- Windows Events & Sysmon Data
- NetFlow Data
- IDS Alerts
- Dealing with any CSV file you’re handed
- Parsing unstructured logs, no matter how weird they are
نظرات کاربران
Comments: 0