From the course: Complete Guide to Open Source Security
Configuring log integrations
- [Instructor] Now we've got our SIEM server running, we need to think about sending logs to it from the host we want to monitor. The first thing we need to do is to set up details of what kind of information we want collected. We do that through what's known as integrations. So using the main menu, we'll scroll down to management integrations. So we can see there's a large number of integrations that we can install. Let's see what we've got installed by default. We can see we have three integrations, the System agent, the Elastic agent, and the Elastic Synthetics agent. The System agent will provide the basic monitoring information that we want. However, there's more we can usefully consume. Let's go back to browse integrations and we'll scroll down until we find Osquery Manager. This integration will enable us to issue commands from the server onto the hosts that we're monitoring in order to investigate any issues we detect. So we'll select that and we'll add Osquery Manager. We'll…