Enrollment options

Elastic Stack is a group of services designed to take data from almost any type of source and in almost any type of format, and to search, analyze and visualize that data in real time. In this lab, Elastic Stack will be used for log analytics. Students will learn to set up and run the Elasticsearch, Logstash and Kibana components of Elastic Stack. Multiple computers in a small network will forward their logs to a central server where they will be processed by Elastic Stack. Students will use Kibana to view logs, filter them and set up dashboards. Information in the logs will be used to identify and block an ongoing attack.

Prerequisites

Familiarity with the Unix/Linux command line, as well as SSH, sudo, and other common tools.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 1: Enterprise Instructional Labs
  • Introduction to Network Security Lab Package
  • Network Monitoring and Reconnaissance Package
  • Law Enforcement/Counterintelligence Forensics Analyst 2
  • Cyber Defense Forensics Analyst 2
  • System Administrator 2
  • Cyber Defense Analyst 2
  • Vulnerability Assessment Analyst 2
  • Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
  • Level 2: Attack/Defense/IR Exercises and Instructional Labs
Educational Lab