How to Elastic SIEM

IT environments are becoming increasingly large, distributed and difficult to manage. All system components must be protected and monitored against cyber threats. You need a scalable platform that can store and analyze logs, metrics and events. SIEM solutions can cost a lot of money. In this story we will take a look at the free solution available in Elastic Stack, which is Elastic SIEM.

What will we use?

Elastic Stack is a set of components: Elasticsearch, Kibana, Logstash and Beats. Brief information about what is used in this story:

  • Elasticsearch — document database/search engine
  • Kibana — data visualization dashboard for Elasticsearch
  • Filebeat — lightweight log collector (available modules)
  • Packetbeat — lightweight network protocol collector (and more)
  • Auditbeat — a lightweight security event collector that does not require auditd
  • Winlogbeat — a lightweight event collector from Windows systems.

Environment

I’ve created 3 virtual machines on the Azure cloud:

  • ELK — Ubuntu 20.04 — Elasticsearch + Kibana
  • Ubuntu1 — Ubuntu 20.04 — Filebeat, Packetbeat, Auditbeat
  • Win10 — Windows 10 — Auditbeat, Packetbeat, Winlogbeat

Elasticsearch + Kibana installation

We’ll set up a simple single-node cluster. Here you can download the Elasticsearch and Kibana deb files.

The installation (replace file_name.deb with the downloaded package):

sudo dpkg -i file_name.deb

#security #elasticsearch #elastic-stack

Wiley  Mayer

1604026800

The Real-World Benefits of Elastic Computing with Low-Code

As we move into the cloud computing era, we’ve seen the floodgates open and waves of new development frameworks taking advantage of every opportunity that cloud computing technologies offer.

To the non-technical audience, it can become overwhelming and sometimes confusing to navigate these waters into new frontiers. For that reason, we’re going to break down the technical jargon into the real world benefits.

Cloud Computing vs On-Premise

Traditionally, organisations have become accustomed to building server facilities on site. Under the microscope, the indirect costs add up significantly: floor space, security, fire suppression, backup power and networking infrastructure, and the cost of highly talented staff to maintain and manage the infrastructure, to name a few. Add in the expense of duplicating all of this at a disaster recovery site, and it becomes an expensive and complicated business, only to manage your IT.

Cloud computing takes away most of this burden by moving much of this infrastructure into a specialist service provider’s premises, offering savings through economies of scale. Not only do you save on the like-for-like costs, but you also see efficiencies through on-demand pricing models (billing per hour).

Some of the key benefits:

  1. Scale computing resources on demand.
    • You no longer need to have multiple servers sitting idle. Often these servers are only fully utilised during peak demand, such as month-end activities.
    • With the ability to scale in near real-time, you only get charged for resources as you use them.
  2. The service provider handles most of the infrastructure and operating system maintenance.
  3. The leading providers have invested significantly into redundancy, resilience and security.
    • When a server fails, you may never notice it; the service just keeps working seamlessly.
    • Additional backup and replication services can often be configured in minutes, in various locations in your region, or internationally based on your preference or regulatory requirements.
    • The largest industries in the world, including banks and financial institutions that have the strictest data handling and uptime requirements, have been using these services for years.

At the time of writing, the largest service providers include Amazon (AWS) and Microsoft (Azure), capturing 60% of the cloud computing market. Gartner predicts that by 2022, up to 60% of organisations will be using cloud technologies, signalling the industry shift from traditional to cloud-based infrastructure.

#low-code #low-code-platform #lowcode #elastic #elastic-cloud #scaling #scalability #cloud-computing

Johathan  Boehm

1613614416

Elastic App Search Client in Kotlin

In my previous post I tried to provide highlights on Elastic App Search, which provides Search as a Service. As mentioned in the post, Elastic provides client implementations for a number of languages; however, there are no implementations for Java or Kotlin. So I decided to implement my own.

I was particularly excited to do this, since I’ve been using Elastic Stack (Elasticsearch mostly) for years and App Search was on my radar for a while. This was a great opportunity for me to deep dive into App Search and contribute to the ecosystem. As the name suggests, I selected Kotlin as the implementation language. As you might already know, Kotlin is my favorite programming language and it’s on the JVM.

Apart from that, it was the first time I managed to deploy a library to public Maven repositories and streamline the process via GitHub Actions.

In the following sections I will try to go over some details on app-search-kotlin implementation.

Disclaimer

app-search-kotlin is a client implementation for App Search that I developed as a side project; it should not be treated as production quality and should be included in projects accordingly.

Location

Source code is located on GitHub. The app-search-kotlin JAR is available at search.maven.org.

Compatibility

app-search-kotlin has been developed using version 7.8.1 of Elastic Stack (Elasticsearch and Elastic App Search). I did not test against other 7.x.y versions but theoretically it should work.

The library is developed with Kotlin 1.3 and Java 11 and not tested with other versions. Similar to the Elastic Stack version, it should work with no or minimal changes, but a rebuild might be necessary.

#elasticsearch #elastic #elastic-app-search #kotlin

Matteo Gioioso

1592427660

Setting up Elasticsearch for the Elastic SIEM

So often, I hear from security professionals who tell me that they are, “…thinking about setting up an elastic stack…” but they feel like it may be too difficult or they’re just not sure where to start. This guide is meant to migrate you from the, “I was thinking about doing that,” phase of the agile board to the final state of, “I totally did that and it was super easy.”

This software stack can run on all the popular OS distributions, including Windows. However, the best performance will be on Ubuntu or CentOS/Red Hat. The options to install from the Elasticsearch repos using package managers are available, as are the .deb and .rpm installation options, but this guide will use the Linux distro-agnostic download and installation methods. I am specifically choosing CentOS 7 because it’s more secure by default. I will be walking through the setup with commands that work on RPM-based systems, accordingly.

#elastic #elasticsearch

Dianna  Farrell

1603942500

Elastic Stack Tutorial | Create a Free SIEM Tool with Elasticsearch, Auditbeat, & Kibana | Part 1

Learn how to set up the Elastic Stack and send system logs that will provide important security information and visualizations.

In this video tutorial you’ll be using Auditbeat, Elasticsearch, and Kibana to set up a free SIEM tool.

If you’ve ever wondered how security analysts know when an intruder has attacked, or how Security Operation Centers make stunning maps and graphs from security logs, then you want to watch this video.

Ivan will explain how you can install the Elastic Stack on a Linux server and configure it to receive logs from Windows/Linux endpoints using Beats.

Once he has that set up, he will teach you how to use the Elastic tool known as Kibana to visualize this data in maps and charts.

This is part 1 of a two-part video.

#elastic #developer