Analyze Endpoint Data with Elasticsearch

by Tim Coakley

The endpoint remains one of the primary targets for cyber threat actors. Endpoint monitoring and analysis is ever more critical to an organization, to protect its data and intellectual property. This course will teach you how to monitor and analyze endpoint data using Elasticsearch.

What you'll learn

When threat actors target an organization, it can be either targeted or opportunistic in nature. What is clear is that the endpoint is often a primary target. Attackers will use a range of attack techniques from phishing, malware or even social engineering to name a few to achieve their aims. In this course, Analyze Endpoint Data with Elasticsearch, you will use the software Elasticsearch. Elasticsearch provides powerful search capabilities that can be used to give cyber defenders the ability to analyze data, detect threats and help to investigate security incidents. First, you will be given an overview into Elasticsearch software. Next, you will discover how to analyze Cloud Applications, Windows, and Linux endpoints. Then you will learn about operating system baseline, anomaly and file integrity monitoring. Finally, you will learn to analyze data for malicious logon and process activity. When you are finished with this course you will have the skills and knowledge to better protect your organization, its data and intellectual property. This is an intermediate level course and you should have good knowledge of common cyber attack techniques as well as some incident response knowledge.

About the author

Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases.

Ready to upskill? Get started