Getting Started with ELK Stack: Queries
As a SOC Analyst or Threat Hunter using the Elastic ELK Stack as a SIEM, you need to know how to make the most of its query capability. In this part of our ELK Stack series, you will learn to write custom queries to identify malicious behavior in network traffic. Then, you will get hands-on practice in our virtual lab.
Course Description
This training is aimed at individuals in network security or administration roles who may be interested in implementing the Elastic ELK Stack in their environment. It is also intended for entry-level SOC analysts who may be using ELK.
What are the prerequisites for this course?
This training assumes you have a foundational knowledge of TCP/IP networking, ports and protocols, and Linux and Windows fundamentals.
What makes this course so beneficial is that you will learn what makes ELK Stack an affordable and flexible SIEM solution that can serve many use cases. In this course, you will get hands-on experience navigating and using ELK Stack as a SIEM and performing custom queries. This will prepare you to take other courses in the series where you will create alerts, configure dashboards, and configure a Beats agent to forward your logs to ELK. You will also be prepared to take the capstone lab in this series, where you will use ELK to detect malicious activity in a realistic threat-hunting scenario. These subsequent courses will be released over time, so be sure to check back for them if you don’t see them on the Cybrary platform right away.
By the end of this course, you should be able to:
Navigate the Elastic User Interface and interact with the ELK Stack
Create custom queries in KQL and Lucene
Your instructor, Skyler Gehman, is a Cyber Operations Specialist in the Army. He is a graduate of the Joint Cyber Analysis Course at the Navy’s Center for Information Warfare and the Army’s Cyber Center of Excellence for Offensive and Defensive Cyberspace Operations. He has also worked in the manufacturing of military electronics and weapons systems.
Module 1: Using Queries in Elastic ELK Stack