1598508420
IT environments are becoming increasingly large, distributed and difficult to manage. Every system component must be protected and monitored against cyber threats, and that requires a scalable platform that can store and analyze logs, metrics and events. Commercial SIEM solutions can cost a lot of money. In this story we will take a look at the free option available in the Elastic Stack: Elastic SIEM.
Elastic Stack is a set of components: Elasticsearch, Kibana, Logstash and Beats. Brief information about what is used in this story:
I’ve created 3 virtual machines on the Azure cloud:
We’ll set up a simple one-node cluster. Here you can download the Elasticsearch and Kibana .deb files.
The installation:
sudo dpkg -i file_name.deb
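As an added example, not part of the original post, here is the install step above wrapped in the two checks I would want before running it on a VM that faces the Azure network: verify the .deb against the .sha512 file Elastic publishes next to each artifact before handing it to dpkg, and start from an elasticsearch.yml that enables security and binds to the VM's private address instead of every interface. The file paths, the cluster name and the 10.0.0.4 address are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed paths and addresses.

# Elastic ships "<artifact>.sha512" beside every download; its format is the
# one sha512sum produces: "<hex digest>  <file name>". Compare only the digest
# so the check does not depend on the working directory.
# Returns 0 when the digest matches, 1 otherwise.
verify_deb_checksum() {
    deb="$1"
    sums="${2:-$1.sha512}"
    [ -f "$deb" ] && [ -f "$sums" ] || return 1
    expected=$(cut -d' ' -f1 "$sums")
    actual=$(sha512sum "$deb" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Only run dpkg once the checksum has been verified; a mismatch means the
# download was corrupted or replaced and must not be installed.
install_verified_deb() {
    deb="$1"
    if verify_deb_checksum "$deb"; then
        sudo dpkg -i "$deb"
    else
        echo "checksum mismatch for $deb; refusing to install" >&2
        return 1
    fi
}

# Writes a minimal single-node elasticsearch.yml. Binding to the VM's private
# IP (not 0.0.0.0) and enabling security avoids exposing an unauthenticated
# cluster on the VM's network. Transport TLS (xpack.security.transport.ssl.*)
# is still recommended but omitted here because it needs certificates.
# $1 = output path (assumed), $2 = address to bind to (assumed).
write_single_node_config() {
    out="$1"
    bind_addr="$2"
    cat > "$out" <<EOF
cluster.name: siem-lab
node.name: es-node-1
network.host: ${bind_addr}
discovery.type: single-node
xpack.security.enabled: true
EOF
}

# Typical use on the Azure VM from the post (paths are assumptions):
#   install_verified_deb ./elasticsearch-7.8.1-amd64.deb
#   write_single_node_config /etc/elasticsearch/elasticsearch.yml 10.0.0.4
```

Once security is enabled, set the built-in user passwords with /usr/share/elasticsearch/bin/elasticsearch-setup-passwords before pointing Kibana at the node, and give Kibana its own credentials in kibana.yml (elasticsearch.username / elasticsearch.password) rather than the elastic superuser.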
#security #elasticsearch #elastic-stack
1604026800
As we move into the cloud computing era, we’ve seen the floodgates open and waves of new development frameworks taking advantage of every opportunity that cloud computing technologies offer.
To the non-technical audience, it can become overwhelming and sometimes confusing to navigate these waters into new frontiers. For that reason, we’re going to break down the technical jargon into the real world benefits.
Traditionally, organisations have become accustomed to building server facilities on site. Under the microscope, the indirect costs add up significantly: floor space, physical security, fire suppression, backup power and networking infrastructure, and the highly skilled staff needed to maintain and manage it all, to name a few. Add the expense of duplicating all of this at a disaster recovery site, and simply running your own IT becomes an expensive and complicated business.
Cloud computing removes most of this burden by moving much of this infrastructure onto a specialist service provider's premises, where economies of scale bring the cost down. Not only do you save on the like-for-like costs, but you also gain efficiencies from on-demand pricing models (billing per hour).
Some of the key benefits:
At the time of writing, the largest service providers include Amazon (AWS) and Microsoft (Azure), capturing 60% of the cloud computing market. Gartner predicts that by 2022, up to 60% of organisations will be using cloud technologies, signalling the industry shift from traditional to cloud-based infrastructure.
#low-code #low-code-platform #lowcode #elastic #elastic-cloud #scaling #scalability #cloud-computing
1613614416
In my previous post I tried to provide highlights on Elastic App Search, which provides Search as a Service. As mentioned in that post, Elastic provides client implementations for a number of languages; however, there are none for Java or Kotlin. So I decided to implement my own.
I was particularly excited to do this, since I’ve been using the Elastic Stack (Elasticsearch mostly) for years and App Search had been on my radar for a while. This was a great opportunity for me to deep-dive into App Search and contribute to the ecosystem. As the name suggests, I selected Kotlin as the implementation language. As you might already know, Kotlin is my favorite programming language and it runs on the JVM.
Apart from those it was the first time I managed to deploy a library to public Maven repositories and streamline the process via GitHub Actions.
In the following sections I will try to go over some details on app-search-kotlin implementation.
app-search-kotlin is a client implementation for App Search that I developed as a side project. It should not be treated as production quality, and should be included in projects accordingly.
The source code is located on GitHub. The app-search-kotlin JAR is available at search.maven.org.
app-search-kotlin has been developed using version 7.8.1 of the Elastic Stack (Elasticsearch and Elastic App Search). I did not test against other 7.x.y versions, but in theory it should work.
The library is developed with Kotlin 1.3 and Java 11 and is not tested on other versions. As with the Elastic Stack version, it should work with no or minimal changes, but a rebuild might be necessary.
#elasticsearch #elastic #elastic-app-search #kotlin
1592427660
So often, I hear from security professionals who tell me that they are, “…thinking about setting up an elastic stack…” but they feel like it may be too difficult or they’re just not sure where to start. This guide is meant to migrate you from the, “I was thinking about doing that,” phase of the agile board to the final state of, “I totally did that and it was super easy.”
This software stack can run on all the popular OS distributions, including Windows. However, the best performance will be on Ubuntu or CentOS/Red Hat. Installing from the Elasticsearch repositories with a package manager is an option, as are the .deb and .rpm packages, but this guide will use the distro-agnostic download and installation methods. I am specifically choosing CentOS 7 because it’s more secure by default. I will be walking through the setup with commands that work on RPM-based systems accordingly.
#elastic #elasticsearch
1603942500
Learn how to set up the Elastic Stack and send system logs that will provide important security information and visualizations.
In this video tutorial you’ll be using Auditbeat, Elasticsearch, and Kibana to set up a free SIEM tool.
If you’ve ever wondered how security analysts know when an intruder has attacked, or how Security Operations Centers make stunning maps and graphs from security logs, then you want to watch this video.
Ivan will explain how you can install the Elastic Stack on a Linux server and configure it to receive logs from Windows/Linux endpoints using Beats.
Once he has that set up he will then teach you how to use the Elastic tool known as Kibana to visualize this data in maps and charts.
This is part 1 of a two part video.
#elastic #developer