Masterful way of introducing a complex topic and diving deep and still keep it interesting, relevant & comprehensive. I wish more creators share your clarity
Hey, something that was unclear - why do you send the data to LogStash with FileBeat, as it only seems to be able to create one fixed Index, while your Kibana source showed a more granular, date-increasing FileBeat Index, indicating that you sent the data directly to Elasticsearch. If you could elaborate on that, that'd be cool. Also I'm not quite sure I got the hang of what the benefit of using LogStash vs Elasticsearch as a collector is; I get that you can somehow "enrich" data, which sounds good, but is actually unclear to how it fares in a production scenario.
I learned so many things from this and not just about the elastic stack
This is definitely one of the best resources on the internet on the subject. Thank you for sharing John.
Masterful way of introducing a complex topic and diving deep and still keep it interesting, relevant & comprehensive. I wish more creators share your clarity
This should definitely have more views. I found it via John Hagen's SOF-ELK SANS webcast. Thanks!
Amazing content!
Still a lot applies until today!
Thanks John!
Great video! Please do more videos of ELK SIEM
Excellent content, brilliant work you 've done there. Thank you so much for making this video. Feel lucky to find your channel
Thank you Jon for this awesome content put together.
Going to give this a watch tonight - curious to see if you discuss limitations or infrastructure to run it large scale.
Very interesting talk, a complement for SEC555, thanks you John.
Very interesting, but one of the main features of a SIEM is correlation: how to implement simple/complex correlation rules in ELK?
great learning material! May be some example of logstash conf file with firewall configuration would be useful!
Thank you so much for this video, I really appreciate your knowledge and efforts!!!
Very good video. Thank you!
Very helpful, thank you John.
❤
Is there any recommendations for distributed architecture hardware requirements?
Hey, something that was unclear - why do you send the data to LogStash with FileBeat, as it only seems to be able to create one fixed Index, while your Kibana source showed a more granular, date-increasing FileBeat Index, indicating that you sent the data directly to Elasticsearch. If you could elaborate on that, that'd be cool.
Also I'm not quite sure I got the hang of what the benefit of using LogStash vs Elasticsearch as a collector is; I get that you can somehow "enrich" data, which sounds good, but is actually unclear to how it fares in a production scenario.
Jonh, are slides available somewhere?
Thank you!!
Your explanation of Schema is completely WRONG.