I deployed and installed ELK for my company recently! Would love to see more content on log monitoring and detection!
@dilpreetkohli6630 1 year ago
Hey, do you have more resources for the same? I wanna learn this before I land my job.
@natestoutrt 1 year ago
This is exactly what I'm doing next week after classes end. Thanks!
@funnyclips769 8 days ago
Your energy was awesome throughout the video!!!!! Had a great time.
@woaq4486 4 months ago
Following this guide to install as well as others for config and detection development helped me land a job as a detections engineer. Great content as always!
@javirebeld 1 year ago
You have been dropping so much content recently, thanks man 🔥🔥
@jjann54321 1 year ago
Thanks John, great content as always! Maybe doing a demo on spinning up a SecurityOnion VM would be helpful for many of your "Blue Team" viewers.
@edwardlenovo3240 1 year ago
Was going to say... Security Onion, a preconfigured ELK SIEM, makes life way easier.
@zytoe3910 1 year ago
Yes please do this
@berkderooij2046 1 year ago
5:11 Bless you!
@Diamond_Chocobo 7 months ago
I finished the lab!! Thanks, super fun! In the Discover section of Kibana... thank you for showing us that filter section... it reminds me of the filter section in Wireshark, used to reduce the number of network packets in the PCAP file... in this case you're using a filter to reduce the number of documents in order to make it easier to scan for what you're looking for. I learned many things so far! Like you can't add policies to an agent... but you can add agents to a policy! GOOD STUFF!!
@Zevilon05 7 months ago
Since some of this relates, I would love to see you do a full video on Security Onion. There isn't much coverage on it.
@AndreaKim312 1 year ago
BHIS/Antisyphon/WWHF are AWESOME!!! I'M A HUGE FAN.
@bangbinbash 1 year ago
Aahh! Was literally just doing this on my own a week ago, perfect timing!
@Raima888s 1 year ago
Thanks for the video. Helping our SIEM group understand these tools in Security Onion.
@onemoreguyonline7878 1 year ago
It's fun to see the setup of a platform that I've used before.
@ReligionAndMaterialismDebunked 1 year ago
That sneeze zoom. Hahahaha. Creative! :3 🎉😂💀😅🔥🤡🤝😁🔥🔥😎
@tametov 1 year ago
This content is brilliant.
@Xmpzl19 5 months ago
More content on log monitoring and detection plz.
@darkfro08 1 year ago
Love the shirt. I rock the same one at the office.
@djones0105 1 year ago
Thank you, John! Very informative.
@RoughGanome 1 year ago
The ELK stack is awesome. But Splunk is king 👑. Great content! Keep up the great work.
@FaLkraydz 3 months ago
Is it realistic to start a business with the ELK Stack? Maybe use Snort as well? Use a 100% open source solution at least for the first couple of years and then cut over?
@BabyPowder013 1 month ago
You are awesome!
@rodetzky9833 1 year ago
Love your videos!!!
@toptechtowing6340 1 year ago
Omgggg I want that shirt !!!
@freem4nn129 1 year ago
Love the shirt John :D
@cybr774 1 year ago
Wazuh is almost the same, right? I heard that it uses the ELK stack.
@bradfoster4198 1 year ago
Thanks John! Question: this seems to all hinge upon Sysmon, which is not installed by default in Windows. Is the idea here that an org would roll out Sysmon widespread as a logging agent for company workstations?
@jjones503 1 year ago
Is there a way to self-host Elastic or something similar? $95 a month is a bit steep.
@elisehackmann-tf6xg 1 year ago
Please make more videos about Elastic! Like setting rules for alerts, or how to integrate with EDR, IPS, firewall or antivirus. Would really be nice.
@bluxombie 1 year ago
That would be nice. Rules and alerts are pretty simple. Hopefully he will do something like that for you all. If you're looking at pulling firewall logs etc., I recommend looking at using Filebeat, or set up Agent and deploy that on your host. That'll give you out-of-the-box parsing and Kibana dashboards from the get-go for that, or syslog, or F5, or whatever module you enable. There are pros and cons to both, and while I prefer to use Beats for certain reasons, Agent can be great, especially when you have a lot of hosts and want to use Fleet to manage everything. While Beats are more flexible to the user, Fleet Agent makes more sense in large environments. We can use Integrations in the left menu as well, and add and manage right there in Kibana if you don't like going into the terminal. Pretty much exactly how he added it is how you add any integration. Some of course require certain information, such as the email integration. Are there any areas that are of particular problems you need help with?
@JoshuaDiamente 1 year ago
Hi John, thanks for your videos. Quick question: in terms of security and spying, is it better to dual boot a Kali distro or run it in a VM? I'm almost certain Windows can spy on the VM through the VirtualBox software, but I'm wondering if a dual boot would be any more secure, considering I'm running an AMD system and realistically there would be a backdoor somewhere. Would love to hear your thoughts. Thanks in advance!
@rishabhshrivastava1870 1 year ago
I have deployed a website using the DevSecOps methodology, and I want to use ELK for the last stage, i.e. monitoring. What are the steps to integrate?
@DeadlyDragon_ 1 year ago
John, I wish to introduce you to Wazuh, which is backed by OpenSearch and Kibana and has an agent that runs on each host. Saves you from having to do this all yourself!
@muhamadfachri6122 1 year ago
How can John get the 150-day trial?
@rahulramteke3338 1 year ago
Can you do a full course here on YT on Kali Purple?
@sifedinebibi4467 1 year ago
Could you kindly provide us with a video for SIEM Splunk Enterprise? We appreciate all the efforts you have made thus far. Thank you.
@MurtazaSalman-v2k 5 months ago
Do a video on Security Onion.
@Lampe2020 1 year ago
5:10 That wasn't worth the warning. I thought a loud beep would happen but that sneeze was not loud at all. I sneeze much louder, kinda like my stepgrandfather did.
@guitargrin 1 year ago
I too like typing CD over and over 😂
@bluesquare23 1 year ago
I use Kibana at work. It's okay. I kinda like just raw log reading better. But the ELK stack has its place.
@codingdude8782 7 months ago
Bless you.
@bhaveshkathore3746 5 months ago
How can I get syslog?? Please comment.
@AlfredNobel-u1u 4 months ago
[Y/n] already means yes by default!
@maximilian5859 1 year ago
Honestly, I don't know why Logstash is still a thing. Even Elastic pushes the Agent so much, and with all the integrations it is possible to send most of the logs directly without Logstash. It could be useful when a lot of data needs to be parsed and you won't pay the CPU usage in the cloud.
@garbagetrash2938 1 year ago
I could’ve used this a month ago 😭😭😭😭 I just set my home instance up.
@DANNOS1993 1 year ago
-n is for network
@Stopinvadingmyhardware 1 year ago
Seeing Bash commands on Windows still bothers me.
@wintermute111 1 year ago
You know that with [Y/n], Yes is the default option and hitting Enter will assume Y? (It's quite common in Linux.)
@tyrojames9937 1 year ago
👍🏾
@bluesquare23 1 year ago
Takes John Hammond 14 minutes to do this. Took me many hours :(
@charlescabage730 1 year ago
Video spree
@WaseemLaghari 1 year ago
5:11 say Alhamdulillah
@ReligionAndMaterialismDebunked 1 year ago
Early :3
@Pik92 1 year ago
Why is your Windows user called adhd...?
@isaaclakra382 1 year ago
Elastic Cloud after the 14-day trial...... We have to DELETE this lab after 14 days...
@JosueHernandez-nj9bc 3 months ago
Cloud is never free. Host it locally or use Linode for cheap.
@JHORAMCANOYNARSICO 3 months ago
Useless.
@malachie4tabernacle523 3 months ago
You talk too fast. Can you slow down for us to follow you?