Setting Up Elastic to Monitor and Secure Your Environment

This article is intended for security analysts, SOC analysts, cybersecurity engineers, threat hunters, and system administrators who want to set up Elastic SIEM to expand their skills. It will guide you through the essential steps to get Elastic SIEM up and running, providing a solid foundation for your cybersecurity project.

Step 1: Prepare a Linux virtual machine by installing a compatible distribution, such as Kali or Ubuntu. If you need help setting up a hypervisor and installing Kali, check out my guide on setting up VMware and installing virtual machines: https://www.dhirubhai.net/pulse/set-up-vmware-install-virtual-machines-lab-ivan-marshutka-e1ubc/?trackingId=oPyG8jVvkKVOPwsa3W0c7w%3D%3D

Step 2: Sign up for Elastic's 14-day free trial to access their full suite of features and tools: https://www.elastic.co/cloud/elasticsearch-service/signup

Step 3: In the "Welcome to Elastic Cloud" menu, press "Create Deployment," select the "Elastic for Security" solution view for your deployment, and create the deployment. The launch process should take up to 5 minutes. Once completed, press "Continue" to launch the deployment.

Step 4: Now, we need to install the agent on the Linux VM to push telemetry to the SIEM. Go to the search bar, choose "Integrations," and then select "Elastic Defend." You can choose to add the integration for more control and manual configuration or install the Elastic Agent for seamless data collection and analysis. In this case, we will choose the integration only.

Add the integration name and choose "Complete EDR (Endpoint Detection & Response)," then save and continue. Press "Add Elastic Agent to your host." In our case, copy the install command shown under "Linux Tar," paste it into your Linux VM terminal, and run it.

Enter "sudo systemctl status elastic-agent.service" to verify the installation.
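The status check above is easy to eyeball once, but a repeatable script is more useful when you are enrolling several VMs. The following is an added example, not code from the article or from Elastic: it parses the output of the systemctl command from Step 4 and reports whether the agent unit is running and enabled, then (only when invoked with --live on the VM) runs the real check and calls "elastic-agent status" for the agent's own view of its Fleet connection. The sample systemctl output embedded in the script is constructed, and the --live flag and function names are this example's own.

```shell
#!/bin/sh
# Added example: post-install check for the Elastic Agent service on the Linux VM.
# Not part of the original article. The unit name elastic-agent.service and the
# `elastic-agent status` command are Elastic's; the --live flag and the helper
# names below are assumptions made for this example.

# Return 0 when a block of `systemctl status` output says the unit is active and running.
agent_running_from_status() {
    printf '%s\n' "$1" | grep -q 'Active: active (running)'
}

# Return 0 when the unit is enabled, i.e. the agent will come back after a reboot of the VM.
agent_enabled_from_status() {
    printf '%s\n' "$1" | grep -q 'Loaded: .*; enabled;'
}

# Constructed sample output, shaped like what `sudo systemctl status elastic-agent.service`
# prints after a successful install (PID and timestamps are made up).
SAMPLE_OK='* elastic-agent.service - Elastic Agent
     Loaded: loaded (/etc/systemd/system/elastic-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-05-06 10:00:00 UTC; 2min ago
   Main PID: 12345 (elastic-agent)'

# Constructed sample of a broken install: unit present but failed and not enabled.
SAMPLE_FAILED='* elastic-agent.service - Elastic Agent
     Loaded: loaded (/etc/systemd/system/elastic-agent.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2024-05-06 10:00:00 UTC; 2min ago'

# Live check: runs the real commands on the VM. Returns 1 if the agent is not running,
# so it can be used from a provisioning script or a cron job.
live_check() {
    status_out=$(systemctl status elastic-agent.service 2>&1 || true)
    if agent_running_from_status "$status_out"; then
        echo "elastic-agent: running"
    else
        echo "elastic-agent: NOT running"
        printf '%s\n' "$status_out"
        return 1
    fi
    agent_enabled_from_status "$status_out" \
        || echo "warning: elastic-agent.service is not enabled; it will not start after a reboot"
    # Agent-side view: confirms enrollment with Fleet and that the Endpoint (Defend)
    # component is healthy, which systemd alone cannot tell you.
    if command -v elastic-agent >/dev/null 2>&1; then
        sudo elastic-agent status
    else
        echo "note: elastic-agent binary not on PATH; skipping agent-side status"
    fi
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    # Offline demonstration against the constructed samples.
    agent_running_from_status "$SAMPLE_OK" && echo "sample OK output: running"
    agent_running_from_status "$SAMPLE_FAILED" || echo "sample failed output: not running"
fi
```

Run it as "sh check-agent.sh" to see the parser exercised on the constructed samples, or "sh check-agent.sh --live" on the VM after Step 4 to check the real service. A non-zero exit from the live check is the signal to look at the systemctl output it prints before moving on to the SIEM side.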

Congratulations! You've successfully integrated Elastic with your VM.