Wednesday 21st August 19 to Friday 23rd August 19, 9:00 am to 5:00 pm, EGUARDIAN Training Center
The Elastic Stack is a combination of several very popular and powerful open-source projects: Elasticsearch, Logstash, Kibana and Beats (Filebeat, Auditbeat, Packetbeat, Heartbeat, etc.). The Elastic Stack is a complete end-to-end log analysis solution used for searching, analyzing and visualizing data.
The Elastic Stack is a real-time, text-based search and analysis engine.
Despite being three different projects, they have been built to work beautifully together: Elasticsearch is a search and analytics engine, Logstash collects data from a variety of sources, and Kibana is a visualization tool.
During this practical, hands-on workshop Janith will take you through each element of the Elastic Stack, explaining the various concepts in detail. The workshop will consist of a live demo on installing, configuring and correctly using each tool. This 3-day session will help you better understand the Elastic Stack and how to use it for security monitoring by building a SIEM solution with the Elastic Stack and other open-source tools.
Day 1: 21 August
Understanding Elasticsearch – Basic concepts and how to use it
Elasticsearch has become the most popular search engine used to explore, record, access, analyze and process unstructured data. Built on Apache Lucene, this open-source, RESTful analytics engine is commonly used for security intelligence, business analytics and operational intelligence, and it has many benefits.
We will explore:
What is Elasticsearch
Benefits of Elasticsearch
Basic concepts of Elasticsearch such as Indices, Cluster, and Nodes
Installation and configuration of Elasticsearch
Installing and using Cerebro
Day 2: 22 August
Getting started with Logstash
Logstash very easily pulls in data from logs, metrics, web applications, data stores and various other services, and transforms it into a common format for easier analysis. We will also explore conditional filters and getting started with Beats: how to use endpoint agents such as Filebeat, Auditbeat, Packetbeat, etc. for log collection.
We will explore:
What is Logstash
Format of config file and Filtering in Logstash
Installation and configuration of Logstash
How to run Logstash
Introduction to Beats
Installation and configuration of Beats to collect network data, logs from files and system data
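As an added illustration of the Day 2 topics (not part of the workshop materials), the pipeline below receives events from a Beats agent, applies a grok parse and field normalization only to events the agent tagged as SSH authentication logs, drops noisy keepalive lines, and writes the result to Elasticsearch. The port, index name, tag value and field names are assumptions chosen for this example.

```conf
# Added example pipeline (not from the workshop). Assumes Filebeat ships the
# auth log with the tag "sshd" and that Elasticsearch listens on localhost:9200.
input {
  beats {
    port => 5044
  }
}

filter {
  # Conditional filter: only parse events the agent tagged as sshd logs.
  if "sshd" in [tags] {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:host_name} sshd\[%{POSINT:pid}\]: %{GREEDYDATA:ssh_message}" }
    }
    # Only normalize events that grok actually parsed.
    if "_grokparsefailure" not in [tags] {
      # Map the free-text message to a common outcome field for dashboards.
      if [ssh_message] =~ /^Failed password/ {
        mutate { add_field => { "event_outcome" => "failure" } }
      } else if [ssh_message] =~ /^Accepted/ {
        mutate { add_field => { "event_outcome" => "success" } }
      }
      # Use the timestamp from the log line as the event time.
      date {
        match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
      }
    }
  }
  # Drop noisy keepalive lines from any source before they reach the index.
  if [message] =~ /keepalive/ {
    drop { }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "auth-%{+YYYY.MM.dd}"
  }
}
```

Events that fail the grok parse keep the `_grokparsefailure` tag, so they can be found in Kibana and used to refine the pattern rather than being silently indexed with missing fields.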
Day 3: 23 August
Kibana for data visualization
Built on top of Elasticsearch, Kibana leverages the functionality of Elasticsearch to provide visualization capabilities over the content indexed in an Elasticsearch cluster. With Kibana one can create different types of charts and maps over large volumes of data, and it also provides a presentation tool.
Janith is a Cybersecurity consultant at EGUARDIAN Global Services. With over 3 years of cybersecurity experience he focuses mainly on penetration testing, system auditing, reverse engineering, writing and testing exploits, and coding in Python. Janith regularly engages in penetration testing (web/network), red team/blue team/purple team engagements, memory forensics and incident response projects. Janith has also completed SANS SEC 455: SIEM Design & Implementation.