VMware
How To Setup ELK | Elastic Agents & Sysmon for
How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity
#Setup #ELK #Elastic #Agents #Sysmon
“John Hammond”
|| Jump into Pay What You Can training — at whatever cost makes sense for you!
đĽ YOUTUBE ALGORITHM ⥠Like, Comment, & Subscribe!
đ SUPPORT THE CHANNEL âĄ
đ¤ SPONSOR THE CHANNEL âĄ
đ FOLLOW…
source
To see the full content, share this page by clicking one of the buttons below |
![[26.10.2013] SBâ vs. HND | Bảng A – NgĂ y 1 | Vòng ThÄng](https://i1.wp.com/res.cloudinary.com/glide/image/fetch/https%3A%2F%2Fi.ytimg.com%2Fvi%2FjSxaWPfGP6s%2Fmaxresdefault.jpg?w=390&resize=390,220&ssl=1 "[26.10.2013] SBâ vs. HND | Bảng A – NgĂ y 1 | Vòng ThÄng")
In 14:03, when you say "tracking around in EDR", with EDR you mean "Endpoint Detection and Response"??
Hello, John. Thanks for your content. It is really fun and direct. I hope you can see this question. I want to produce my own cyberattack dataset for later machine learning analysis. I am using ELK apps, more precisely Elasticsearch, Kibana, Logstash, and the Beats (Packetbeat, Metricbeat, Winlogbeat, etc.) in a Windows virtual machine to collect event logs in a virtualized 1vs1 scenario (kali vs windows). And, of course, it is difficult, for example, to perform a scanning recognition procedure from the Kali machine and see what are the effects in the windows machine (at the level of network, system performance, and other aspects that Beats allow to minitor). I am learning MITRE ATT&CK to learn the steps of certain attacks but somehow I feel there might be another way to track the effects of the different stages of the kill-chain procedure and be able to tag those actions as, for instance, "malicious" or "benign". Thanks, in advance for any help, from everyone.
elastic cloud after 14 days trial ……WE have to DELETE this lab after 14 days…
I wouldn't use software that only has a 14 day trial for a home lab project. Barely enough to deploy and configure it, then what??
Takes John Hammond 14 minutes to do this. Took me many hours đ
Thanks John! Question : this seems to all hinge upon sysmon which is not installed by default in Windows. Is the idea here than an org would rollout sysmon widespread as a logging agent for company workstations?
why is your windows user called adhd …
Please make more videos about Elastic! like setting rules for alerts or how to integrate with EDR, IPS or Firewall or Antivirus. Would really be nice
How can John get the 150 day trial?
I have deployed a website using devsecops methodology, I want to use elk for the last stage i.e monitoring. What are the steps to integrate?
This content is brilliant.
I couldâve used this a month ago đđđđ I just set my home instance up.
Could you kindly provide us with a video for SIEM Splunk Enterprise? We appreciate all the efforts you have made thus far. Thank you.
Love the shirt. I rock the same one at the office.
Video spree
Can you do a full course here on YT on Kali Purple?
Hi John, thanks for your videos. Quick question: In terms of security and spying, is it better to dual boot a Kali distro or run it in a VM? I'm almost certain windows can spy on the VM through virtual box software but I'm wondering if a dual boot would be any more secure considering I'm running an AMD system and realistically there would be a backdoor some where.
Would love to hear your thoughts. Thanks in advance!
I deployed and installed ELK for my company recently! Would love to see more content on log monitoring and detection!
John I wish to introduce you to Wazuh, which is backed by opensearch and kibana and has an agent that runs on each host. Saves you from having to do this all yourself!
Thank you, John! Very informative.