Elastic Lab (part 0) - About this project
William Douglass
Cyber Threat Analyst, Adjunct Cybersecurity Professor, Small Business Owner
While I'm waiting for access to start my "real work" as a Cyber Analyst, I dug into building a lab to play around with. It's interesting how some of the skills I knew I had have atrophied a bit, so it was refreshing to have to look commands up and remember how to work the command line.
Why Elastic? Elasticsearch is a distributed database that has been adapted for use with Logstash and Kibana (the "ELK stack") as a Security Information and Event Management (SIEM) solution. Cybersecurity depends on information that has been filtered to present an analyst with the events that may indicate a problem; the SIEM is where the analyst investigates, corroborates or discards alerts and warnings to find cybersecurity breaches. Since the ELK stack is so efficient at ingesting, storing, retrieving, and analyzing large amounts of data, many cybersecurity organizations have become adept at using it for their work.
AND, ELK is FREE for anyone to download and use! Free sometimes comes with challenges; it often means a little more work must be expended compared to using more expensive products. It took me an embarrassingly long time to get my lab working the first time, but as I set up a second instance, I documented my work to hopefully save others the headache.
For this project I decided to use Debian Linux inside VMware Workstation Pro, both of which are also free to download. Debian version 12 supports most ELK features and is fairly easy to use. Each major Linux distribution differs slightly in the commands and features it uses. Workstation Pro supports multiple VMs running concurrently, snapshots, advanced networking, and other features. As time goes on I hope to add VMs to my lab environment to test and practice my skills and keep up with cybersecurity developments.
First of all, I would recommend some familiarity with the Elasticsearch (ELK) family of products. This 11-minute video breaks down the very basics of Elasticsearch. The following videos are great too!
Next, I'll start with the infrastructure needed for the install. Click here for Part 1.
Cyberspace Officer @ US Army | Master's in Cybersecurity CISSP | CISM | CASP | CEH | CYSA | SEC+ | CCNA | Cisco CyberOPS | GSED | GSEC | GMON | GSNA | GCCC | GCIA | GCIH | GCWN | GSLC | GSOC | CC
1 month ago
Great product!!
Platform Engineer | Army Software Factory | Cloud | Data | Innovation
1 month ago
Chris Jackson, check out the YouTube link in there to help with your bake-off. William Douglass, with the direction of containerization you are always welcome to do the lab on a container platform such as Docker Desktop Kubernetes and deploy ELK via Helm charts. I remember my days of doing it on a VM and now I'm just too much of a Helm fanboy to quickly deploy software.
Cyberspace Defense Warrant Officer | Cyber Defense, Cyber Threat Hunting
1 month ago
Will, this is awesome. Just reading the documentation alone can be challenging for new defenders building out the ELK stack. As always, thank you for giving back to the community.