Elastic Stack for Security Monitoring
in a Nutshell
2019 Pass the SALT Workshop
Overview
Introduction to Elastic Stack
Beats
Logstash
Elasticsearch
Kibana
Elastic Stack Alerting and Security
Introductory Workshop!
• This is an introductory workshop
• You probably won’t hear/see a lot of new things if you have:
• Used Elastic Stack in the past;
• Taken the Elastic training…;
• Followed SANS SEC455, SEC555, FOR572, etc.;
• If you are stuck, please do not suffer in silence!
Workshop VM
• ais_workshop_xubuntu-18.04.2-desktop-amd64
• VMware Workstation, Player, or Fusion
• You can try VirtualBox too, but you are on your own with that… sorry!
• 8 GB RAM
• 30-50 GB disk space
• Keyboard layout: EN-US !!!
• Workshop VM (Ubuntu) user/pass: user / Workshop1234%
• Normally, it should not require a password for login or sudo
About David
• Managing partner at Alzette Information Security (@AlzetteInfoSec)
• Network penetration testing, security architectures, security monitoring, incident response
• Instructor at SANS Institute: FOR572
• BSides Luxembourg organizer https://bsideslux.lu
• Twitter: @DavidSzili
• E-mail: david.szili@alzetteinfosec.com
• Blog: http://jumpespjump.blogspot.com