Threat Hunting with the Elastic Stack

Authors: Joe Abraham, Tim Coakley

This skill is intended to use the Elastic Stack to hunt for cyber threats in your network. With this knowledge and experience in place, you will be able to leverage Elastic's capabilities and functions to proactively provide optimal protection against cyber threats.

  • How to analyze network event data with Elasticsearch
  • How to analyze endpoint data with Elasticsearch
  • How to build visualizations and dashboards in Kibana geared towards threat hunting
  • How to use Graph in Kibana to validate the scope of an intrusion
  • How to use Kibana machine learning to detect anomalies

Prerequisites

It is recommended that you have a basic understanding of the fundamentals of the Elastic Stack, as well as of cyber security fundamentals.

Analyze Network Event Activity Data with Elasticsearch

by Joe Abraham

Nov 22, 2021 / 2h 32m

Description

In today’s cybersecurity landscape, threats are everywhere. The quality of our telemetry and network event data matters when detecting, responding to, and mitigating those threats. Elasticsearch can help ease the burden of sifting through the large amounts of data that we collect. In this course, Analyze Network Event Activity Data with Elasticsearch, you’ll learn to ingest network event and telemetry data and use it to find threats. First, you’ll explore how to ingest security device logs and Netflow and use them to find potential threats. Next, you’ll discover how to use application data to detect anomalies and interesting behavior. Finally, you’ll learn how to correlate data between the various sources to identify threats. When you’re finished with this course, you’ll have the skills and knowledge of Elasticsearch needed to use the data being collected for cyber operations effectively.

Table of contents
  1. Course Overview
  2. Exploring Network Telemetry and Event Data
  3. Analyzing Netflow with Elasticsearch
  4. Using IDS Events for Threat Detection
  5. Using Network Application Data for Anomaly Detection
  6. Correlating Network Telemetry for Threat Detection

Analyze Endpoint Data with Elasticsearch

by Tim Coakley

Sep 24, 2021 / 1h 31m

Description

Attacks on an organization can be either targeted or opportunistic in nature; what is clear is that the endpoint is often a primary target. Attackers use a range of techniques, such as phishing, malware, or social engineering, to achieve their aims. In this course, Analyze Endpoint Data with Elasticsearch, you will use Elasticsearch, whose powerful search capabilities give cyber defenders the ability to analyze data, detect threats, and investigate security incidents. First, you will be given an overview of Elasticsearch. Next, you will discover how to analyze cloud applications and Windows and Linux endpoints. Then, you will learn about operating system baselining, anomaly detection, and file integrity monitoring. Finally, you will learn to analyze data for malicious logon and process activity. When you are finished with this course, you will have the skills and knowledge to better protect your organization, its data, and its intellectual property. This is an intermediate-level course, and you should have good knowledge of common cyber attack techniques as well as some incident response knowledge.

Table of contents
  1. Course Overview
  2. Baseline and Anomaly Detection
  3. Cloud Application Analysis with Elasticsearch
  4. Malicious Process Monitoring
  5. File Integrity Monitoring
  6. Malicious Logon Monitoring
  7. Windows Host Analysis
  8. Linux Host Analysis
  9. Summary
Learning Paths

Threat Hunting with the Elastic Stack

  • Number of courses: 2
  • Duration: 4 hours
  • Skill IQ available