How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity

65,817 views

John Hammond


1 year ago

j-h.io/pwyc || Jump into Pay What You Can training -- at whatever cost makes sense for you! j-h.io/pwyc

Comments: 52
@medericburlet6097 1 year ago
I deployed and installed ELK for my company recently! Would love to see more content on log monitoring and detection!
@dilpreetkohli6630 8 months ago
hey, do you have more resources for the same? I wanna learn this before I land for my job
@natestoutrt 1 year ago
This is exactly what I'm doing next week after classes end. Thanks!
@javirebeld 1 year ago
You have been dropping so much content recently, thanks man 🔥🔥
@DiamondStumpy 8 days ago
I finished the lab!! Thanks, super fun! In the Discover section of Kibana... thank you for showing us that filter section... it reminds me of the filter section in Wireshark, used to reduce the number of network packets in the PCAP file... in this case you're using a filter to reduce the number of documents in order to make it easier to scan for what you're looking for. I learned many things so far! Like you can't add policies to an agent... but you can add agents to a policy! GOOD STUFF!!
@Raima888s 1 year ago
Thanks for the video. Helping our Siem group understand these tools in security onion.
@djones0105 1 year ago
Thank you, John! Very informative.
@bangbinbash 1 year ago
Aahh! Was literally just doing this on my own a week ago, perfect timing!
@tametov 1 year ago
This content is brilliant.
@onemoreguyonline7878 1 year ago
It's fun to see the setup of a platform that I've used before.
@Zevilon05 3 days ago
Since some of this relates, I would love to see you do a full video on Security Onion. There isn't much coverage on it.
@jjann54321 1 year ago
Thanks John, great content as always! Maybe doing a demo on spinning up a SecurityOnion VM would be helpful for many of your "Blue Team" viewers.
@edwardlenovo3240 1 year ago
Was going to say... Security Onion, a preconfigured ELK SIEM, makes life way easier.
@zytoe3910 5 months ago
Yes please do this
@AndreaKim312 1 year ago
BHIS/Antisyphon/WWHF are AWESOME!!! I'M A HUGE FAN.
@berkderooij2046 1 year ago
5:11 Bless you!
@rodetzky9833 1 year ago
Love your videos!!!
@oscarllerena2980 8 months ago
Hello, John. Thanks for your content. It is really fun and direct. I hope you can see this question. I want to produce my own cyberattack dataset for later machine learning analysis. I am using ELK apps, more precisely Elasticsearch, Kibana, Logstash, and the Beats (Packetbeat, Metricbeat, Winlogbeat, etc.) in a Windows virtual machine to collect event logs in a virtualized 1-vs-1 scenario (Kali vs Windows). And, of course, it is difficult, for example, to perform a scanning reconnaissance procedure from the Kali machine and see what the effects are on the Windows machine (at the level of network, system performance, and other aspects that Beats allow you to monitor). I am learning MITRE ATT&CK to learn the steps of certain attacks, but somehow I feel there might be another way to track the effects of the different stages of the kill-chain procedure and be able to tag those actions as, for instance, "malicious" or "benign". Thanks in advance for any help, from everyone.
@darkfro08 1 year ago
Love the shirt. I rock the same one at the office.
@ReligionAndMaterialismDebunked 1 year ago
That sneeze zoom. Hahahaha. Creative! :3 🎉😂💀😅🔥🤡🤝😁🔥🔥😎
@toptechtowing6340 1 year ago
Omgggg I want that shirt !!!
@freem4nn129 1 year ago
Love the shirt John :D
@sifedinebibi4467 1 year ago
Could you kindly provide us with a video for SIEM Splunk Enterprise? We appreciate all the efforts you have made thus far. Thank you.
@elisehackmann-tf6xg 1 year ago
Please make more videos about Elastic, like setting rules for alerts or how to integrate with EDR, IPS, firewall or antivirus. Would really be nice.
@bluxombie 8 months ago
That would be nice. Rules and alerts are pretty simple. Hopefully he will do something like that for you all. If you're looking at pulling firewall logs etc., I recommend looking at using Filebeat, or set up Agent and deploy that on your host. That'll give you out-of-the-box parsing and Kibana dashboards from the get-go for that, or syslog, or F5, or whatever module you enable. There are pros and cons to both, and while I prefer to use Beats for certain reasons, Agent can be great. Especially when you have a lot of hosts and want to use Fleet to manage everything. While Beats are more flexible for the user, Fleet Agent makes more sense in large environments. We can use Integrations from the left menu as well; add and manage right there in Kibana if you don't like going into the terminal. Pretty much exactly how he added it is how you add any integration. Some of course require certain information, such as the email integration. Are there any areas that are of particular problems you need help with?
@JoshuaDiamente 1 year ago
Hi John, thanks for your videos. Quick question: in terms of security and spying, is it better to dual boot a Kali distro or run it in a VM? I'm almost certain Windows can spy on the VM through the VirtualBox software, but I'm wondering if a dual boot would be any more secure considering I'm running an AMD system and realistically there would be a backdoor somewhere. Would love to hear your thoughts. Thanks in advance!
@cybr774 1 year ago
Wazuh is almost the same, right? I heard that it uses the ELK stack.
@codingdude8782 7 days ago
bless you
@rishabhshrivastava1870 1 year ago
I have deployed a website using a DevSecOps methodology; I want to use ELK for the last stage, i.e. monitoring. What are the steps to integrate?
@muhamadfachri6122 1 year ago
How can John get the 150 day trial?
@rahulramteke3338 1 year ago
Can you do a full course here on YT on Kali Purple?
@jjones503 6 months ago
Is there a way to self-host Elastic or something similar? $95 a month is a bit steep.
@dtitan1993 7 months ago
-n is for network
@bradfoster4198 10 months ago
Thanks John! Question: this seems to all hinge upon Sysmon, which is not installed by default in Windows. Is the idea here that an org would roll out Sysmon widespread as a logging agent for company workstations?
@oscarllerena2980 8 months ago
I did not understand the usage of Sysmon here. I understand that Sysmon is a monitoring application but I did not see any key usage...
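Picking up the two questions above about what Sysmon actually contributes, and the earlier comment comparing the Kibana Discover filter to a Wireshark display filter, here is an added example (not code from the video, Elastic or Sysmon): a handful of constructed Sysmon-shaped documents using the ECS field names the Elastic Agent maps Sysmon events to, plus a minimal `field:value and field:value` filter that narrows them the way a Discover query does. The events, hosts, paths and IP are made-up sample data; the parent/child process pairing is the kind of question only Sysmon's process-creation event (ID 1, which records the parent image) can answer.

```python
# Added example (not from the video or Elastic): constructed Sysmon-shaped
# documents using ECS field names, and a tiny Discover-style filter over them.
# Sysmon event IDs used: 1 = process create, 3 = network connect, 11 = file create.
EVENTS = [  # constructed sample data; names, paths and the IP are made up
    {"event.code": "1", "process.name": "powershell.exe",
     "process.parent.name": "winword.exe",
     "process.command_line": "powershell.exe -File invoice.ps1"},
    {"event.code": "1", "process.name": "chrome.exe",
     "process.parent.name": "explorer.exe",
     "process.command_line": "chrome.exe --profile-directory=Default"},
    {"event.code": "3", "process.name": "powershell.exe",
     "destination.ip": "203.0.113.10", "destination.port": 443},
    {"event.code": "11", "process.name": "winword.exe",
     "file.path": "C:\\Users\\lab\\AppData\\Roaming\\invoice.ps1"},
    {"event.code": "1", "process.name": "svchost.exe",
     "process.parent.name": "services.exe",
     "process.command_line": "svchost.exe -k netsvcs"},
]


def parse_filter(expr):
    """Turn 'event.code:1 and process.parent.name:winword.exe' into a list of
    (field, value) pairs. Only the AND-of-equalities subset of KQL is handled."""
    clauses = []
    for part in expr.split(" and "):
        field, sep, value = part.strip().partition(":")
        if not sep:
            raise ValueError(f"clause {part!r} is not field:value")
        clauses.append((field.strip(), value.strip().strip('"')))
    return clauses


def discover(expr, events=EVENTS):
    """Return the documents that satisfy every clause, like Discover does.
    Missing fields compare as empty strings, so they never match."""
    clauses = parse_filter(expr)
    return [d for d in events
            if all(str(d.get(f, "")) == v for f, v in clauses)]


def count_hits(expr, events=EVENTS):
    return len(discover(expr, events))


if __name__ == "__main__":
    # The full firehose, one narrowing clause, then a parent/child pair:
    # each added clause shrinks the document set you have to read.
    for q in ("event.code:1", "event.code:1 and process.parent.name:winword.exe"):
        print(f"{count_hits(q)}/{len(EVENTS)} documents match {q}")
```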
@oscarllerena2980 8 months ago
At 14:03, when you say "tracking around in EDR", by EDR do you mean "Endpoint Detection and Response"??
@maximilian5859 1 year ago
Honestly I don't know why Logstash is still a thing. Even Elastic pushes the Agent so much, and with all the integrations it is possible to send most of the logs directly without Logstash. It could be useful when a lot of data needs to be parsed and you won't pay the CPU usage in the cloud.
@guitargrin 1 year ago
I too like typing CD over and over😂
@garbagetrash2938 1 year ago
I could’ve used this a month ago 😭😭😭😭 I just set my home instance up.
@Lampe2020 1 year ago
5:10 That wasn't worth the warning. I thought a loud beep would happen but that sneeze was not loud at all. I sneeze much louder, kinda like my stepgrandfather did.
@Stopinvadingmyhardware 1 year ago
Seeing Bash commands on Windows still bothers me
@tyrojames9937 1 year ago
👍🏾
@wintermute111 1 year ago
You know that with [Y/n], Yes is the default option and hitting Enter will assume Y? (It's quite common in Linux.)
@bluesquare23 1 year ago
I use Kibana at work. It's okay. I kinda like just raw log reading better. But the ELK stack has its place.
@charlescabage730 1 year ago
Video spree
@DeadlyDragon_ 1 year ago
John, I wish to introduce you to Wazuh, which is backed by OpenSearch and Kibana and has an agent that runs on each host. Saves you from having to do this all yourself!
@bluesquare23 9 months ago
Takes John Hammond 14 minutes to do this. Took me many hours :(
@RoughGanome 1 year ago
The ELK stack is awesome. But Splunk is king 👑. Great content! Keep up the great work.
@Pik92 11 months ago
Why is your Windows user called adhd...
@ReligionAndMaterialismDebunked 1 year ago
Early :3
@isaaclakra382 9 months ago
Elastic Cloud after the 14-day trial... WE have to DELETE this lab after 14 days...
@WaseemLaghari 1 year ago
5:11 say Alhamdulillah