Matteo Gioioso

1592427660

Setting up Elasticsearch for the Elastic SIEM

So often, I hear from security professionals who tell me that they are, “…thinking about setting up an elastic stack…” but they feel like it may be too difficult or they’re just not sure where to start. This guide is meant to migrate you from the, “I was thinking about doing that,” phase of the agile board to the final state of, “I totally did that and it was super easy.”

This software stack can run on all the popular OS distributions, including Windows. However, the best performance will be on Ubuntu or CentOS/Redhat. The options to install from the Elasticsearch repos using package managers are available, as well as the .deb and .rpm options for installation, but this guide will be using the Linux distro-agnostic download and installation methods. I am specifically choosing CentOS 7 because it’s more secure by default. I will be walking through the setup for commands working on RPM-based systems, accordingly.

#elastic #elasticsearch

Rusty Shanahan

1598155740

Elasticsearch 7.x Backup — “Snapshot & Restore” on AWS S3

In 2016 I wrote an article about Elasticsearch Backup; it had, and still has, quite a lot of interest from people. I decided to start a new series of articles with the backup topic as the main subject.

The old article covered the Snapshot & Restore functionality based on Elasticsearch 2.4.x and the upcoming version, 5.0. As that was 4 years ago, I chose to refresh this tutorial and make it the first of a series.

I will prepare a small article on how to use the snapshot & restore functionality with different cloud providers. This article is based on Elasticsearch 7.x; that doesn’t mean it couldn’t work on older versions, but I focused on the latest one.

Elasticsearch Snapshot & Restore

Elasticsearch has a smart solution to back up single indices or entire clusters to a remote shared filesystem, S3 or HDFS. The snapshots ES creates are not very resource consuming and are relatively small.

The idea behind these snapshots is that they are not “archives” in the strict sense: a snapshot can only be read by a version of Elasticsearch that is capable of reading the index version stored inside the snapshot.

So you can follow this quick scheme if you want to restore ES snapshots:

  • A snapshot of an index created in 6.x can be restored to 7.x.
  • A snapshot of an index created in 5.x can be restored to 6.x.
  • A snapshot of an index created in 2.x can be restored to 5.x.
  • A snapshot of an index created in 1.x can be restored to 2.x.

Snapshots of indices created with ES 1.x cannot be restored to 5.x or 6.x, snapshots of indices created in 2.x cannot be restored to 6.x or 7.x, and snapshots of indices created in 5.x cannot be restored to 7.x or 8.x.

#elasticsearch-snapshot #elasticsearch-plugins #elasticsearch #backup #elasticsearch-backup #aws

Johathan Boehm

1613614416

Elastic App Search Client in Kotlin

In my previous post I tried to provide highlights on Elastic App Search, which provides Search as a Service. As mentioned in the post, Elastic provides client implementations for a number of languages; however, there are no implementations for Java or Kotlin. So I decided to implement my own.

I was particularly excited to do this, since I’ve been using Elastic Stack (Elasticsearch mostly) for years and App Search was on my radar for a while. This was a great opportunity for me to deep dive into App Search and contribute to the ecosystem. As the name suggests, I selected Kotlin as the implementation language. As you might already know, Kotlin is my favorite programming language and it’s on the JVM.

Apart from that, it was the first time I managed to deploy a library to public Maven repositories and streamline the process via GitHub Actions.

In the following sections I will try to go over some details of the app-search-kotlin implementation.

Disclaimer

app-search-kotlin is a client implementation for App Search that I developed as a side project; it should not be treated as production quality, and should be included in projects accordingly.

Location

Source code is located on GitHub. The app-search-kotlin JAR is available at search.maven.org.

Compatibility

app-search-kotlin has been developed using version 7.8.1 of Elastic Stack (Elasticsearch and Elastic App Search). I did not test against other 7.x.y versions but theoretically it should work.

The library is developed with Kotlin 1.3 and Java 11 and not tested with other versions. Similar to the Elastic Stack version, it should work with no or minimal changes, but a rebuild might be necessary.

#elasticsearch #elastic #elastic-app-search #kotlin

How to Elastic SIEM

IT environments are becoming increasingly large, distributed and difficult to manage. All system components must be protected and monitored against cyber threats. You need a scalable platform that can store and analyze logs, metrics and events. SIEM solutions can cost a lot of money. In this story we will take a look at the free solution available in Elastic Stack, which is Elastic SIEM.

What will we use?

Elastic Stack is a set of components: Elasticsearch, Kibana, Logstash and Beats. Brief information about what is used in this story:

  • Elasticsearch — document database/search engine
  • Kibana — data visualization dashboard for Elasticsearch
  • Filebeat — lightweight log collector (available modules)
  • Packetbeat — lightweight network protocol collector (and more)
  • Auditbeat — a lightweight security event collector without the use of auditd
  • Winlogbeat — a lightweight event collector for Windows systems.

Environment

I’ve created 3 virtual machines on the Azure cloud:

  • ELK — Ubuntu 20.04 — Elasticsearch + Kibana
  • Ubuntu1 — Ubuntu 20.04 — Filebeat, Packetbeat, Auditbeat
  • Win10 — Windows 10 — Auditbeat, Packetbeat, Winlogbeat

Elasticsearch + Kibana installation

We’ll set up a simple one-node cluster. Here you can download the Elasticsearch and Kibana deb files.

The installation:

sudo dpkg -i file_name.deb

#security #elasticsearch #elastic-stack

Raleigh Hayes

1626878897

Elasticsearch Tutorial | Elasticsearch For Beginners

Hello! I’ve been building with Elasticsearch recently, so I thought it would be cool to do a quick tutorial on how it works. Hope you enjoy it!

Timestamps:
0:00 - Intro
0:12 - What is Elasticsearch
0:51 - Running Elasticsearch
2:09 - APIs/Queries
11:15 - Kibana Bonus Tips
13:37 - Thank You For Watching!

#elasticsearch #elasticsearch tutorial