From the course: Complete Guide to Open Source Security
Detecting reconnaissance with the ELK Stack
- [Instructor] Earlier in the course, we took a look at Kali Autopilot and generated an attack script called learning.py. I've updated this to include a stage between reconnaissance and exploitation, and added a few SSH commands. I've moved this over to my Kali system, so let's now run the script and monitor it using ELK. cd kali autopilot /learning and python3 learning.py, and we'll start the script. Now let's go to our ELK monitoring screen. We'll enter our credentials, which are cyberx cyberx. Let's check that our Fleet monitoring is healthy. We can do this by navigating to Management, then Fleet, and checking our Fleet hosts. It can sometimes take a few minutes for the Fleet server to synchronize with its agents, and if we have a host which remains offline after allowing a reasonable amount of startup time, then we can usually resolve it by restarting its Elastic Agent. As it is, we are fine. Let's now go to Discover, select the data source logs, and set our timeframe…
Contents
- Installing the ELK Stack SIEM (8m 19s)
- Upgrading Kibana to HTTPS (5m 39s)
- Configuring log integrations (3m 48s)
- Installing the Fleet server (2m 51s)
- Enrolling hosts into the Fleet server (6m 58s)
- Enhancing your logs (9m 19s)
- Detecting reconnaissance with the ELK Stack (7m 20s)
- Detecting exploitation with the ELK Stack (4m 56s)
- Monitoring alerts with the ELK Stack (4m 39s)