From the course: Complete Guide to Open Source Security
Monitoring alerts with the ELK Stack
- [Instructor] One of the more powerful monitoring capabilities in ELK Stack is alerts. From the homepage, we can select Security, Alerts and at the top right we can manage Rules. If we haven't loaded the predefined rules yet, we'll be asked whether we want to import them, which we will. And we'll install them all. We now have over 800 prebuilt rules installed, each of which can be enabled or disabled using the switch at the right of the alert. Let's search for SSH. And we'll take a look at the rule Potential SSH Password Guessing. In the right-hand pane, we're provided with a description of the alert and also its coding within the MITRE ATT&CK framework. In the right-hand pane, we can see the query. In this case, we can see that the query is looking for a time span of three seconds and that it's looking for 10 attempts. Also note that this is focused on Linux hosts. We'd have to write a different query to check for brute force attacks against a Windows SSH system. In the lower…
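As an added example (not part of the course and not Elastic's prebuilt rule), the same threshold logic the rule applies, run over constructed Linux sshd log lines: 10 failed password attempts inside a 3-second window raise an alert. The log format, the ISO timestamps and the grouping by source address are assumptions; the transcript states only the 3-second window and the 10-attempt count.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the course): 12 rapid failures from one
# source 200 ms apart, 3 slow failures from another, and one success to ignore.
def _fake_line(ts, user, src):
    return f"{ts.isoformat(timespec='milliseconds')} web01 sshd[4242]: Failed password for {user} from {src} port 51234 ssh2"

_T0 = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_LOG = "\n".join(
    [_fake_line(_T0 + timedelta(milliseconds=200 * i), "root", "203.0.113.5") for i in range(12)]
    + [_fake_line(_T0 + timedelta(seconds=10 * i), "alice", "198.51.100.7") for i in range(3)]
    + ["2024-01-01T10:01:00.000 web01 sshd[4300]: Accepted publickey for bob from 198.51.100.9 port 5 ssh2"]
)

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2$"
)

def parse_failed_logins(text):
    """Return (timestamp, source, user) for every 'Failed password' line, oldest first."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"]))
    return sorted(events)

def detect_password_guessing(events, threshold=10, window_seconds=3):
    """Per-source sliding window: alert once `threshold` failures fall inside
    `window_seconds` (grouping by source address is an assumption, see above)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # source -> failures still inside the window
    alerts = []
    for ts, src, user in events:
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"source": src, "count": len(q), "first": q[0][0],
                           "last": ts, "users": sorted({u for _, u in q})})
            q.clear()   # one alert per burst, not one per extra attempt
    return alerts

if __name__ == "__main__":
    for a in detect_password_guessing(parse_failed_logins(SAMPLE_LOG)):
        print(f"{a['source']}: {a['count']} failures in {(a['last'] - a['first']).total_seconds()}s, users={a['users']}")
```

Lowering the window or raising the threshold changes what counts as a burst; the slow source never reaches 10 failures inside any 3-second span and so stays silent.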
Contents
- Installing the ELK Stack SIEM (8m 19s)
- Upgrading Kibana to HTTPS (5m 39s)
- Configuring log integrations (3m 48s)
- Installing the Fleet server (2m 51s)
- Enrolling hosts into the Fleet server (6m 58s)
- Enhancing your logs (9m 19s)
- Detecting reconnaissance with the ELK Stack (7m 20s)
- Detecting exploitation with the ELK Stack (4m 56s)
- Monitoring alerts with the ELK Stack (4m 39s)