Advanced ELK

Learn about the main components of the ELK stack by going through the installation and configuring process and linking them together to form an effective log analysis utility.

In this module, we will go through installing, configuring, and integrating different components of the ELK stack to form a complete log analysis utility. This module also covers creating alerts in ELK (Wazuh) and creating advanced KQL search queries to create complex search queries to improve the log investigation.

Logstash: Data Processing Unit

Learn how to collect, process and transform data with Logstash.

Custom Alert Rules in Wazuh

Learn how to create rules in Wazuh for your environment.

Advanced ELK Queries

Search large datasets efficiently with advanced queries in Kibana.

Slingshot

Can you retrace an attacker's steps after they enumerate and compromise a web server?

Need to know

Security Information and Event Management

Understand how SIEM works and get comfortable creating simple and advanced search queries to look for specific answers from the ingested logs.

Next steps

Detection Engineering

Understand various threat detection methodologies, rule syntax and tools, and learn how to apply them in a SOC environment.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).