Sending Logs to ELK with Winlogbeat and Sysmon

At the end of one of my prior posts I had mentioned Beats Data Shippers; the "nitty-gritty" of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types …

Creating a Single-Node ELK Stack

Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a "stack." I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building …

Introduction to ELK

For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware of what this position entails, as I was, CIS Security defines it as someone who helps …