How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity

  • Published on 21 Dec 2024

Comments •

  • @medericburlet6097 1 year ago +46

    I deployed and installed ELK for my company recently! Would love to see more content on log monitoring and detection!

    • @dilpreetkohli6630 1 year ago +1

      hey, do you have more resources for the same? I wanna learn this before I land for my job

  • @natestoutrt 1 year ago +10

    This is exactly what I'm doing next week after classes end. Thanks!

  • @woaq4486 3 months ago +1

    Following this guide to install as well as others for config and detection development helped me land a job as a detections engineer. Great content as always!

  • @berkderooij2046 1 year ago +7

    5:11 Bless you!

  • @jjann54321 1 year ago +23

    Thanks John, great content as always! Maybe doing a demo on spinning up a SecurityOnion VM would be helpful for many of your "Blue Team" viewers.

    • @edwardlenovo3240 1 year ago +2

      was going to say...Security Onion, preconfigured ELK SIEM, makes life way easier.

    • @zytoe3910 11 months ago

      Yes please do this

  • @javirebeld 1 year ago +5

    You have been dropping so much content recently, thanks man 🔥🔥

  • @AndreaKim312 1 year ago +1

    BHIS/Antisyphon/WWHF are AWESOME!!!
    I'M A HUGE FAN.

  • @Diamond_Chocobo 6 months ago

    i finished the Lab!! Thanks Super fun!
    in the discover section of Kibana,... thank you for showing us that filter section,... it reminds me of the filter section in Wireshark in order to reduce the number of network packets in the PCAP file,... in this case you're using a filter to reduce the number of documents in order to make it easier to scan for what you're looking for.
    i learned many things so far!
    like you cant add policies to an agent,... but you can add agents to a policy!
    GOOD STUFF!!

  • @Zevilon05 5 months ago +1

    Since some of this relates, I would love to see you do a full video on Security Onion. If there isn't much coverage on it.

  • @bangbinbash 1 year ago

    Aahh! Was literally just doing this on my own a week ago, perfect timing!

  • @onemoreguyonline7878 1 year ago

    It's fun to see the setup of a platform that I've used before.

  • @Raima888s 1 year ago

    Thanks for the video. Helping our SIEM group understand these tools in Security Onion.

  • @FaLkraydz 2 months ago

    Is it realistic to start a business with the ELK Stack? Maybe use snort as well? Use 100% open source solution at least for the first couple years and then cut over?

  • @jjones503 11 months ago

    Is there a way to self host elastic or something similar, $95 a month is a bit steep.

  • @darkfro08 1 year ago

    Love the shirt. I rock the same one at the office.

  • @cybr774 1 year ago

    Wazuh is almost the same right? I heard that it uses the ELK stack

  • @tametov 1 year ago

    This content is brilliant.

  • @ReligionAndMaterialismDebunked 1 year ago +1

    That sneeze zoom. Hahahaha. Creative! :3 🎉😂💀😅🔥🤡🤝😁🔥🔥😎

  • @Zelazella1 4 months ago +1

    more content on log monitoring and detection plz

  • @muhamadfachri6122 1 year ago

    How can John get the 150 day trial?

  • @djones0105 1 year ago

    Thank you, John! Very informative.

  • @RoughGanome 1 year ago +2

    The ELK stack is awesome. But Splunk is king 👑. Great content! Keep up the great work.

  • @BabyPowder013 11 days ago

    You are awesome!

  • @bradfoster4198 1 year ago

    Thanks John! Question: this seems to all hinge upon Sysmon, which is not installed by default in Windows. Is the idea here that an org would roll out Sysmon widespread as a logging agent for company workstations?

  • @rishabhshrivastava1870 1 year ago

    I have deployed a website using devsecops methodology, I want to use elk for the last stage i.e monitoring. What are the steps to integrate?

  • @bhaveshkathore3746 3 months ago

    How can I get syslog ?? Please comments

  • @rahulramteke3338 1 year ago

    Can you do a full course here on YT on Kali Purple?

  • @bluesquare23 1 year ago +1

    I use Kibana at work. It's okay. I kinda like just raw log reading better. But the ELK stack has its place.

  • @toptechtowing6340 1 year ago

    Omgggg I want that shirt !!!

  • @freem4nn129 1 year ago

    Love the shirt John :D

  • @rodetzky9833 1 year ago

    Love your videos!!!

  • @Lampe2020 1 year ago +2

    5:10 That wasn't worth the warning. I thought a loud beep would happen but that sneeze was not loud at all. I sneeze much louder, kinda like my stepgrandfather did.

  • @JoshuaDiamente 1 year ago +1

    Hi John, thanks for your videos. Quick question: In terms of security and spying, is it better to dual boot a Kali distro or run it in a VM? I'm almost certain Windows can spy on the VM through VirtualBox software, but I'm wondering if a dual boot would be any more secure considering I'm running an AMD system and realistically there would be a backdoor somewhere.
    Would love to hear your thoughts. Thanks in advance!

  • @elisehackmann-tf6xg 1 year ago

    Please make more videos about Elastic! like setting rules for alerts or how to integrate with EDR, IPS or Firewall or Antivirus. Would really be nice

    • @bluxombie 1 year ago

      That would be nice. Rules and alerts are pretty simple. Hopefully he will do something like that for you all.
      If you're looking at pulling firewall etc., I recommend looking at using Filebeat, or set up Agent and deploy that on your host. That'll give you out-of-the-box parsing and Kibana dashboards from the get-go for that, or syslog, or F5, or whatever module you enable.
      There are pros and cons to both, and while I prefer to use Beats for certain reasons, Agent can be great. Especially when you have a lot of hosts and want to use Fleet to manage everything. While Beats are more flexible to the user, Fleet Agent makes more sense in large environments.
      We can use Integrations on the left menu as well, add and manage right there in Kibana if you don't like going into the terminal.
      Pretty much exactly how he added it is how you add any integration. Some of course require certain information, such as the email integration.
      Are there any areas that are of particular problems you need help with?

  • @sifedinebibi4467 1 year ago

    Could you kindly provide us with a video for SIEM Splunk Enterprise? We appreciate all the efforts you have made thus far. Thank you.

  • @MurtazaSalman-v2k 4 months ago

    Do a video on Security Onion

  • @AlfredNobel-u1u 2 months ago

    [Y/n] already means yes by default!

  • @guitargrin 1 year ago

    I too like typing CD over and over😂

  • @dtitan1993 1 year ago

    -n is for network

  • @maximilian5859 1 year ago

    Honestly I don't know why Logstash is still a thing. Even Elastic pushes the Agent so much, and with all the integrations it is possible to send most of the logs directly without Logstash. It could be useful when a lot of data needs to be parsed and you won't pay the CPU usage in the cloud.

  • @Stopinvadingmyhardware 1 year ago +1

    Seeing Bash commands on Windows still bothers me

  • @codingdude8782 5 months ago

    bless you

  • @garbagetrash2938 1 year ago

    I could’ve used this a month ago 😭😭😭😭 I just set my home instance up.

  • @wintermute111 1 year ago

    You know that with [Y/n] Yes is the default option and hitting Enter will assume Y? (It's quite common in Linux.)

  • @DeadlyDragon_ 1 year ago +2

    John, I wish to introduce you to Wazuh, which is backed by OpenSearch and Kibana and has an agent that runs on each host. Saves you from having to do this all yourself!

  • @WaseemLaghari 1 year ago

    5:11 say Alhamdulillah

  • @charlescabage730 1 year ago

    Video spree

  • @bluesquare23 1 year ago

    Takes John Hammond 14 minutes to do this. Took me many hours :(

  • @tyrojames9937 1 year ago

    👍🏾

  • @Pik92 1 year ago

    Why is your Windows user called adhd...

  • @ReligionAndMaterialismDebunked 1 year ago

    Early :3

  • @JHORAMCANOYNARSICO 2 months ago

    Useless.

  • @isaaclakra382 1 year ago

    Elastic Cloud after the 14-day trial ...... we have to DELETE this lab after 14 days...

    • @JosueHernandez-nj9bc 2 months ago

      Cloud is never free. Host it locally, or use Linode for cheap.

  • @malachie4tabernacle523 2 months ago

    You talk too fast. Can you slow down for us to follow you?