How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity

  • Published on 9 May 2023
  • j-h.io/pwyc || Jump into Pay What You Can training -- at whatever cost makes sense for you! j-h.io/pwyc
    🔥 TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
    🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
    🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
    🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
    💥 SEND ME MALWARE ➡ jh.live/malware

Comments • 49

  • @medericburlet6097, 1 year ago, +39

    I deployed and installed ELK for my company recently! Would love to see more content on log monitoring and detection!

    • @dilpreetkohli6630, 8 months ago, +1

      Hey, do you have more resources for the same? I want to learn this before I land my job.

  • @natestoutrt, 1 year ago, +9

    This is exactly what I'm doing next week after classes end. Thanks!

  • @javirebeld, 1 year ago, +5

    You have been dropping so much content recently, thanks man 🔥🔥

  • @bangbinbash, 1 year ago

    Aahh! Was literally just doing this on my own a week ago, perfect timing!

  • @Raima888s, 1 year ago

    Thanks for the video. Helping our SIEM group understand these tools in Security Onion.

  • @djones0105, 1 year ago

    Thank you, John! Very informative.

  • @onemoreguyonline7878, 1 year ago

    It's fun to see the setup of a platform that I've used before.

  • @jjann54321, 1 year ago, +21

    Thanks John, great content as always! Maybe doing a demo on spinning up a SecurityOnion VM would be helpful for many of your "Blue Team" viewers.

    • @edwardlenovo3240, 1 year ago, +2

      Was going to say... Security Onion, preconfigured ELK SIEM, makes life way easier.

    • @zytoe3910, 4 months ago

      Yes please do this

  • @berkderooij2046, 1 year ago, +4

    5:11 Bless you!

  • @tametov, 1 year ago

    This content is brilliant.

  • @rodetzky9833, 1 year ago

    Love your videos!!!

  • @AndreaKim312, 1 year ago

    BHIS/Antisyphon/WWHF are AWESOME!!!
    I'M A HUGE FAN.

  • @JoshuaDiamente, 1 year ago

    Hi John, thanks for your videos. Quick question: in terms of security and spying, is it better to dual boot a Kali distro or run it in a VM? I'm almost certain Windows can spy on the VM through the VirtualBox software, but I'm wondering if a dual boot would be any more secure considering I'm running an AMD system and realistically there would be a backdoor somewhere.
    Would love to hear your thoughts. Thanks in advance!

  • @oscarllerena2980, 7 months ago

    Hello, John. Thanks for your content. It is really fun and direct. I hope you can see this question. I want to produce my own cyberattack dataset for later machine learning analysis. I am using ELK apps, more precisely Elasticsearch, Kibana, Logstash, and the Beats (Packetbeat, Metricbeat, Winlogbeat, etc.) in a Windows virtual machine to collect event logs in a virtualized 1-vs-1 scenario (Kali vs. Windows). And, of course, it is difficult, for example, to perform a scanning reconnaissance procedure from the Kali machine and see what the effects are on the Windows machine (at the level of network, system performance, and other aspects that Beats allow you to monitor). I am learning MITRE ATT&CK to learn the steps of certain attacks, but somehow I feel there might be another way to track the effects of the different stages of the kill-chain procedure and be able to tag those actions as, for instance, "malicious" or "benign". Thanks in advance for any help, from everyone.

  • @ReligionAndMaterialismDebunked, 1 year ago, +1

    That sneeze zoom. Hahahaha. Creative! :3 🎉😂💀😅🔥🤡🤝😁🔥🔥😎

  • @darkfro08, 1 year ago

    Love the shirt. I rock the same one at the office.

  • @toptechtowing6340, 1 year ago

    Omgggg I want that shirt!!!

  • @sifedinebibi4467, 1 year ago

    Could you kindly provide us with a video for SIEM Splunk Enterprise? We appreciate all the efforts you have made thus far. Thank you.

  • @elisehackmann-tf6xg, 1 year ago

    Please make more videos about Elastic! Like setting rules for alerts or how to integrate with EDR, IPS, firewall or antivirus. Would really be nice.

    • @bluxombie, 7 months ago

      That would be nice. Rules and alerts are pretty simple. Hopefully he will do something like that for you all.
      If you're looking at pulling in firewall logs etc., I recommend looking at using Filebeat or setting up Agent and deploying that on your host. That'll give you out-of-the-box parsing and Kibana dashboards from the get-go for that, or syslog, or F5, or whatever module you enable.
      There are pros and cons to both, and while I prefer to use Beats for certain reasons, Agent can be great, especially when you have a lot of hosts and want to use Fleet to manage everything. While Beats are more flexible for the user, Fleet-managed Agent makes more sense in large environments.
      We can use Integrations in the left menu as well, and add and manage right there in Kibana if you don't like going into the terminal.
      Pretty much exactly how he added it is how you add any integration. Some of course require certain information, such as the email integration.
      Are there any areas that are of particular problem that you need help with?

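Added example, not from the video or from the commenter above: a minimal `filebeat.yml` along the lines this reply describes, enabling the Filebeat `system` module (which ships with its own parsing pipeline and Kibana dashboards) and adding a syslog listener for an appliance such as a firewall. The hostnames, listening port, CA path and the `ES_PASSWORD` keystore key are placeholders for a self-managed Elasticsearch and Kibana; nothing here is taken from the video's own setup.

```yaml
# filebeat.yml (added example; hostnames, port and key names are placeholders)

filebeat.modules:
  - module: system          # parses /var/log/syslog and auth.log, loads dashboards
    syslog:
      enabled: true
    auth:
      enabled: true

filebeat.inputs:
  - type: syslog            # receive syslog from a firewall or other appliance
    protocol.udp:
      host: "0.0.0.0:5514"  # placeholder listening port
    tags: ["firewall"]      # makes the source easy to filter on in Kibana

output.elasticsearch:
  hosts: ["https://elastic.example.internal:9200"]   # placeholder host
  username: "elastic"
  password: "${ES_PASSWORD}"                         # resolved from the Filebeat keystore
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]

setup.kibana:
  host: "https://kibana.example.internal:5601"       # placeholder host
setup.dashboards.enabled: true                       # load the module's Kibana dashboards
```

Before starting the beat, store the password with `filebeat keystore create` and `filebeat keystore add ES_PASSWORD` rather than writing it into the file, run `filebeat test output` to confirm TLS and credentials work, and `filebeat setup` once to load the index template and dashboards. The same module-based approach is what Fleet-managed Elastic Agent automates through integrations, which is why the reply above recommends Fleet once the host count grows.
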
  • @freem4nn129, 1 year ago

    Love the shirt John :D

  • @cybr774, 1 year ago

    Wazuh is almost the same, right? I heard that it uses the ELK stack.

  • @rishabhshrivastava1870, 1 year ago

    I have deployed a website using a DevSecOps methodology. I want to use ELK for the last stage, i.e. monitoring. What are the steps to integrate?

  • @bradfoster4198, 9 months ago

    Thanks John! Question: this seems to all hinge upon Sysmon, which is not installed by default in Windows. Is the idea here that an org would roll out Sysmon widespread as a logging agent for company workstations?

    • @oscarllerena2980, 7 months ago

      I did not understand the usage of Sysmon here. I understand that Sysmon is a monitoring application, but I did not see any key usage...

  • @jjones503, 5 months ago

    Is there a way to self-host Elastic or something similar? $95 a month is a bit steep.

  • @oscarllerena2980, 7 months ago

    At 14:03, when you say "tracking around in EDR", by EDR do you mean "Endpoint Detection and Response"?

  • @rahulramteke3338, 1 year ago

    Can you do a full course here on YT on Kali Purple?

  • @muhamadfachri6122, 1 year ago

    How did John get the 150-day trial?

  • @dtitan1993, 6 months ago

    -n is for network.

  • @garbagetrash2938, 1 year ago

    I could’ve used this a month ago 😭😭😭😭 I just set my home instance up.

  • @maximilian5859, 1 year ago

    Honestly, I don't know why Logstash is still a thing. Even Elastic pushes the Agent so much, and with all the integrations it is possible to send most of the logs directly without Logstash. It could be useful when a lot of data needs to be parsed and you won't pay for the CPU usage in the cloud.

  • @guitargrin, 1 year ago

    I too like typing cd over and over 😂

  • @Lampe2020, 1 year ago, +2

    5:10 That wasn't worth the warning. I thought a loud beep would happen, but that sneeze was not loud at all. I sneeze much louder, kinda like my step-grandfather did.

  • @tyrojames9937, 1 year ago

    👍🏾

  • @Stopinvadingmyhardware, 1 year ago, +1

    Seeing Bash commands on Windows still bothers me.

  • @DeadlyDragon_, 1 year ago, +2

    John, I wish to introduce you to Wazuh, which is backed by OpenSearch and Kibana and has an agent that runs on each host. Saves you from having to do this all yourself!

  • @wintermute111, 1 year ago

    You know that with [Y/n], Yes is the default option and hitting Enter will assume Y? (It's quite common in Linux.)

  • @charlescabage730, 1 year ago

    Video spree

  • @bluesquare23, 9 months ago

    Takes John Hammond 14 minutes to do this. Took me many hours :(

  • @RoughGanome, 1 year ago, +1

    The ELK stack is awesome. But Splunk is king 👑. Great content! Keep up the great work.

  • @bluesquare23, 1 year ago, +1

    I use Kibana at work. It's okay. I kinda like just raw log reading better. But the ELK stack has its place.

  • @ReligionAndMaterialismDebunked, 1 year ago

    Early :3

  • @Pik92, 10 months ago

    Why is your Windows user called adhd...

  • @WaseemLaghari, 1 year ago

    5:11 say Alhamdulillah

  • @isaaclakra382, 8 months ago

    Elastic Cloud after the 14-day trial...... WE have to DELETE this lab after 14 days...