Workshops / Training

Wednesday, August 21 to Friday, August 23, 2019
9:00 am to 5:00 pm
EGUARDIAN Training Center

The Elastic Stack is a combination of several very popular and powerful open-source projects: Elasticsearch, Logstash, Kibana and Beats (Filebeat, Auditbeat, Packetbeat, Heartbeat, etc.). Together they form a complete end-to-end log analysis solution used for searching, analyzing and visualizing data.

The Elastic Stack is a real-time, text-based search and analysis engine.


Despite being three different projects, they have been built to work beautifully together: Elasticsearch is the search and analytics engine, Logstash collects data from a variety of sources, and Kibana is the visualization tool.


During this practical, hands-on workshop Janith will take you through each element of the Elastic Stack, explaining the various concepts in detail. The workshop will consist of live demos of installing, configuring and correctly using each tool. This 3-day session will help you better understand the Elastic Stack and how to use it for security monitoring by building a SIEM solution from the Elastic Stack and other open-source tools.


Day 1 :  21 August

Understanding Elasticsearch – Basic concepts and how to use it

Elasticsearch has become the most popular search engine used to explore, record, access, analyze and process unstructured data. Built on Apache Lucene, this open-source, RESTful analytics engine is commonly used for security intelligence, business analytics and operational intelligence, and has many benefits.


We will explore:

  • What is Elasticsearch
  • Benefits of Elasticsearch
  • Basic concepts of Elasticsearch such as Indices, Cluster, and Nodes
  • Installation and configuration of Elasticsearch
  • Installing and using Cerebro

Day 2 :  22 August

Getting started with Logstash

Logstash very easily pulls in data from logs, metrics, web applications, data stores and various other services, and transforms it into a common format for easier analysis. We will also explore conditional filters and get started with Beats: how to use endpoint agents such as Filebeat, Auditbeat, Packetbeat, etc. for log collection.


We will explore:

  • What is Logstash
  • Format of config file and Filtering in Logstash
  • Installation and configuration of Logstash
  • How to run Logstash
  • Introduction to Beats
  • Installation and configuration of Beats to collect network data, logs from files and system data
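As an added example (not part of the workshop material), here is a minimal Logstash pipeline of the kind Day 2 covers: a Beats input, a conditional filter that only parses lines Filebeat has tagged `auth`, and an Elasticsearch output. The `auth` tag on the Filebeat side, the host names and the index name are assumptions.

```conf
# Added example: Logstash pipeline for SSH authentication failures.
# Assumes Filebeat ships /var/log/auth.log (or /var/log/secure) to port 5044
# with `tags: ["auth"]` set in its input configuration (an assumption).
input {
  beats {
    port => 5044
  }
}

filter {
  # Conditional filter: only lines Filebeat tagged "auth" reach the grok stage.
  if "auth" in [tags] {
    grok {
      # Matches lines such as (constructed sample):
      # Aug 21 09:15:02 bastion sshd[1234]: Failed password for invalid user test from 203.0.113.9 port 51022 ssh2
      match => {
        "message" => "%{SYSLOGTIMESTAMP:ts} %{SYSLOGHOST:host_name} sshd\[%{POSINT:pid}\]: Failed password for (invalid user )?%{USERNAME:user} from %{IPORHOST:src_ip} port %{POSINT:src_port} ssh2"
      }
      # add_tag is applied only when the pattern matches
      add_tag => ["ssh_auth_failure"]
    }

    # grok adds _grokparsefailure when the pattern does not match; keep those
    # events (they are still auth log lines) but do not enrich them further.
    if "_grokparsefailure" not in [tags] {
      date {
        # syslog timestamps carry no year; Logstash assumes the current one
        match => ["ts", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
        target => "@timestamp"
      }
      geoip {
        source => "src_ip"
      }
      mutate {
        convert => { "src_port" => "integer" }
        remove_field => ["ts"]
      }
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # daily index so Kibana (Day 3) can use a siem-auth-* index pattern
    index => "siem-auth-%{+YYYY.MM.dd}"
  }
}
```

Events that were not tagged `auth` pass through the filter untouched, so the same pipeline can carry other Beats data into the same cluster.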

Day 3 :  23 August

Kibana for data visualization

Built on top of Elasticsearch, Kibana leverages the functionality of Elasticsearch to provide visualization of the content indexed on an Elasticsearch cluster. With Kibana one can create different types of charts and maps over large volumes of data, and it also provides a presentation tool.


We will explore:

  • What is Kibana
  • Data visualization and dashboards with Kibana
  • How to Install Kibana
  • Displaying your visualization in a dashboard



Janith Malinga

Janith is a Cybersecurity consultant at EGUARDIAN Global Services. With over 3 years of cybersecurity experience, he focuses mainly on penetration testing, system auditing, reverse engineering, writing and testing exploits, and coding in Python. Janith regularly engages in penetration testing (web/network), red team/blue team/purple team engagements, memory forensics and incident response projects. Janith has also completed SANS SEC 455: SIEM Design & Implementation.