I’m excited to announce the release of the ELK for Security Analysis online course! You’ll find the description of the course to follow. Registration is open now (with early bird pricing), and the course officially opens next month.
For more details, see: http://chrissanders.org/training/#elk
You must master your data If you want to catch bad guys and find evil. But, how can you do that? That’s where the ELK stack comes in.
ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.
You’ll learn the basics of:
- Elasticsearch: How data is stored and indexed. Working with JSON documents.
- Logstash: How to collect and manipulate structured and unstructured data.
- Kibana: Techniques for searching data and building useful visualizations and dashboards.
- Beats: Use the agent to ship data from endpoints and servers to your ELK systems.
I’ll also show you how to build complete data pipelines from ingest to search. This means you’ll get to watch step-by-step guides for dealing with security specific data types like:
- HTTP Proxy Logs
- File-Based Logs (Unix, auth, and application logs)
- Windows Events & Sysmon Data
- NetFlow Data
- IDS Alerts
- Dealing with any CSV file you’re handed
- Parsing unstructured logs, no matter how weird they are
When you walk away from this course, you should be equipped with the skills you need to build a complete IDS alert console, investigation platform, or security analysis lab.
More details and registration: http://chrissanders.org/training/#elk