Elastic Lab (part 7) - Conclusion and Shortcuts
William Douglass
Cyber Threat Analyst, Adjunct Cybersecurity Professor, Small Business Owner
Concluding this project, here are the parts (mostly for my ease of access):
Part Zero - Introduction
Part 1 - Installing VMWare
Part 2 - Installing Debian Linux
Part 3 - Installing Elastic
Part 4 - Installing and configuring Kibana
Part 5 - Installing Logstash
Part 6 - Installing Winlogbeat
Several great people have pointed out that there are easier ways to do this.
YES THERE ARE. The lab above exists to teach different skills: how some of the ELK stack components fit together and what each one needs in order to run. It is NOT a professional buildout; to start with, it has no certificates, no TLS on the HTTP or transport layers, and no authentication or authorization in front of Elasticsearch, Kibana or the Beats-to-Logstash path. It's for someone building a SIEM as a START to a cybersecurity journey.
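To make the gap concrete, here is what the three configuration files from parts 3, 4 and 6 look like once certificates, encryption and authentication are added. This is an added example, not the author's lab configuration and not copied from Elastic's documentation; the setting names are the ones Elasticsearch, Kibana and Winlogbeat 8.x actually use, while every hostname, IP address, cluster name and certificate path is an assumption you would replace with your own. The lab form of each setting is shown as a comment next to its hardened replacement.

```yaml
# ---- elasticsearch.yml (assumed path on the Debian VM: /etc/elasticsearch/elasticsearch.yml) ----
cluster.name: lab-siem                 # assumed name
node.name: es-node-1                   # assumed name
network.host: 192.168.56.10            # assumed VM address; never 0.0.0.0 without a firewall in front
discovery.type: single-node
# Lab form: xpack.security.enabled: false   (anonymous read/write on :9200)
xpack.security.enabled: true
# HTTP layer: what Kibana, Logstash and curl talk to.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12          # assumed path, relative to the config dir
# Transport layer: Elasticsearch enforces this once security is on and the node
# binds to a non-loopback address, even for a single node.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12   # assumed path
xpack.security.transport.ssl.truststore.path: certs/transport.p12 # assumed path

# ---- kibana.yml (assumed path: /etc/kibana/kibana.yml) ----
server.host: "192.168.56.10"                              # assumed address
server.publicBaseUrl: "https://kibana.lab.example:5601"   # assumed hostname
# Lab form: server.ssl.enabled: false   (browser sessions and cookies in the clear)
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt      # assumed path
server.ssl.key: /etc/kibana/certs/kibana.key              # assumed path
# Lab form: elasticsearch.hosts: ["http://192.168.56.10:9200"], no username
elasticsearch.hosts: ["https://192.168.56.10:9200"]
# Kibana must not run as the elastic superuser. Use the built-in kibana_system user;
# set its password with bin/elasticsearch-reset-password -u kibana_system and store it
# with bin/kibana-keystore add elasticsearch.password, not in this file.
elasticsearch.username: "kibana_system"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]   # assumed path
elasticsearch.ssl.verificationMode: full

# ---- winlogbeat.yml (assumed path: C:\Program Files\Winlogbeat\winlogbeat.yml) ----
winlogbeat.event_logs:
  - name: Security
  - name: System
  - name: Microsoft-Windows-Sysmon/Operational   # assumed: only if Sysmon is installed on the host
# Lab form: output.logstash.hosts: ["192.168.56.10:5044"] with no ssl.* keys
# (any machine on the network can connect to :5044 and inject events)
output.logstash:
  hosts: ["192.168.56.10:5044"]                                      # assumed Logstash address
  ssl.certificate_authorities: ["C:/ProgramData/winlogbeat/ca.crt"]   # assumed path
  ssl.verification_mode: full
  # Client certificate so Logstash can require mutual TLS on the beats input.
  ssl.certificate: "C:/ProgramData/winlogbeat/winlogbeat.crt"        # assumed path
  ssl.key: "C:/ProgramData/winlogbeat/winlogbeat.key"                # assumed path
```

The Logstash side (part 5) has to match: the beats input needs its own server certificate and key, and it only enforces the Winlogbeat client certificate if you tell it to (`ssl_verify_mode => "force_peer"` on older versions of the beats input plugin, `ssl_client_authentication => "required"` on newer ones). The quick check that the change took effect is `curl https://192.168.56.10:9200` with `--cacert` pointing at your CA: an unauthenticated request should come back 401, and the same request with `-u elastic` should return the cluster banner. If plain `http://` on port 9200 still answers 200, security is not actually on.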
Now, if someone wants to skip part of that headache, it's totally possible to grab the work someone else has done. Containers have already been built with the ELK stack ready to go, with far less work than the steps above.
Here's one on GitHub.
And here's another on GitHub.
In addition, if you go to Docker Hub and search for "elastic" you will find LOTS of containers that are ready to go. I HIGHLY recommend you check it out! One caveat before you pull anything: check who publishes the image. Elastic's own images are served from docker.elastic.co and under the elastic organization on Docker Hub; a community image of unknown provenance is a supply-chain risk, and it is also worth reading its compose file or Dockerfile to see whether it ships with security disabled the same way the lab above does.
"WHY OH WHY" did I not just post these links from the beginning?
I think learning is a process, and anyone who has put their own ELK stack together from scratch has probably learned quite a bit. When I was introduced to firewalls in 2010, we built access control rules from scratch, piece by piece, to understand what the stateful firewall was doing, a very frustrating exercise that was very informative.
Hope you've had fun! But more importantly, I hope you've learned something and have some tools to use. Please let me know if there's anything I can improve in these articles. :)
Neurodiverse Leader, Soldier, & MBA & MSIS Student | Passionate About Developing People and Achieving Win/Win Outcomes
1 month ago: Great job, William! There are always easier or better ways to do something, but you were trying to learn, and learning requires mistakes. Keep learning and keep sharing!