Creating a Multi-Node ELK Stack

Previously I had written a guide on Creating a Single-Node ELK Stack; covering what to do when you want create and utilize The Elastic Stack (also formally ELK) on a limited capacity, single-node basis. When assisting my roommate in creating an ELK stack of his own, I realized I had not yet described the process … Continue reading Creating a Multi-Node ELK Stack

Monitoring CentOS Endpoints with Filebeat + ELK

In some of my previous posts regarding ELK, we have touched upon numerous ways of sending data from Windows endpoints – however not from much else. In the real world, thankfully, not everything runs off Microsoft’s Operating System. Not to hit Microsoft in any way, but for anyone who has experienced systems administration in regards … Continue reading Monitoring CentOS Endpoints with Filebeat + ELK

ELK + Beats: Securing Communication with Logstash by using SSL

The Elastic Stack (ELK) is an amazing index-searching tool, utilizing services such as Elasticsearch, Logstash, and Kibana to index and store logs and Beats Data Shippers such as Winlogbeat to ship them there. However, ELK can be just as scary, storing data from a plethora of different machines across one or more networks ripe for … Continue reading ELK + Beats: Securing Communication with Logstash by using SSL

Sending Logs to ELK with Winlogbeat and Sysmon

At the end of one of my prior posts I had mentioned Beats Data Shippers; the “nitty-gritty” of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types of … Continue reading Sending Logs to ELK with Winlogbeat and Sysmon

Creating a Single-Node ELK Stack

Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a “stack.” I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building … Continue reading Creating a Single-Node ELK Stack

Introduction to ELK

For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware what this current position entails, as I was, CIS Security defines this position as someone who helps … Continue reading Introduction to ELK

Using Default Filebeat Index Templates with Logstash

In one of my prior posts, Monitoring CentOS Endpoints with Filebeat + ELK, I described the process of installing and configuring the Beats Data Shipper Filebeat on CentOS boxes. This process utilized custom Logstash filters, which require you to manually add these in to your Logstash pipeline and filter all Filebeat logs that way. But … Continue reading Using Default Filebeat Index Templates with Logstash