ELK + Beats: Securing Communication with Logstash by using SSL

The Elastic Stack (ELK) is an amazing index-searching tool, utilizing services such as Elasticsearch, Logstash, and Kibana to index and store logs and Beats Data Shippers such as Winlogbeat to ship them there. However, ELK can be just as scary, storing data from a plethora of different machines across one or more networks ripe for …

PandoraFMS: Build and Installation Guide

As I conclude my senior year in college, one of the final cyber courses I'm taking began to touch upon the importance of Network Management Systems. These systems can be of importance for both Cybersecurity and Digital Forensic professionals, allowing the user to monitor a network with logs/alerts previously configured by an organization's IT department …

Storing Elasticsearch Data on a Separate Ubuntu Partition

By default on Ubuntu Server, Elasticsearch 6.6.0 is installed to the /var/lib/elasticsearch directory on the partition your OS resides on: the system partition. If you were to have an ELK cluster running in a production environment with 100+ endpoints feeding thousands of logs every day, you may start to find that your Elasticsearch nodes' drives are …

How to Install and Configure NGINX for Kibana

In one of my prior posts, I discussed the steps necessary to set up a Single-Node ELK Stack. If you were to follow this guide, Kibana, as it stands, would be accessible to anyone on your network over Port 5601 who knows its IP Address. For myself, I could always socially outcast my roommate if …