Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

While the ELK cluster is typically used for live monitoring, Winlogbeat can be tweaked to manually send “cold logs,” or old, inactive Windows Event Logs (EVTX) to ELK manually. This functionality allows an analyst to take EVTX files from images of systems collected and utilize the functionality of the ELK stack for their investigations – … Continue reading Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

Creating a Multi-Node ELK Stack

Previously I had written a guide on Creating a Single-Node ELK Stack; covering what to do when you want create and utilize The Elastic Stack (also formally ELK) on a limited capacity, single-node basis. When assisting my roommate in creating an ELK stack of his own, I realized I had not yet described the process … Continue reading Creating a Multi-Node ELK Stack

Monitoring CentOS Endpoints with Filebeat + ELK

In some of my previous posts regarding ELK, we have touched upon numerous ways of sending data from Windows endpoints – however not from much else. In the real world, thankfully, not everything runs off Microsoft’s Operating System. Not to hit Microsoft in any way, but for anyone who has experienced systems administration in regards … Continue reading Monitoring CentOS Endpoints with Filebeat + ELK

ELK + Beats: Securing Communication with Logstash by using SSL

The Elastic Stack (ELK) is an amazing index-searching tool, utilizing services such as Elasticsearch, Logstash, and Kibana to index and store logs and Beats Data Shippers such as Winlogbeat to ship them there. However, ELK can be just as scary, storing data from a plethora of different machines across one or more networks ripe for … Continue reading ELK + Beats: Securing Communication with Logstash by using SSL

Sending Logs to ELK with Winlogbeat and Sysmon

At the end of one of my prior posts I had mentioned Beats Data Shippers; the “nitty-gritty” of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types of … Continue reading Sending Logs to ELK with Winlogbeat and Sysmon

Creating a Single-Node ELK Stack

Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a “stack.” I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building … Continue reading Creating a Single-Node ELK Stack

Introduction to ELK

For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware what this current position entails, as I was, CIS Security defines this position as someone who helps … Continue reading Introduction to ELK