Learn about the main components of the ELK stack by going through the installation and configuring process and linking them together to form an effective log analysis utility.

In this module, we will go through installing, configuring, and integrating different components of the ELK stack to form a complete log analysis utility. This module also covers creating alerts in ELK (Wazuh) and creating advanced KQL search queries to create complex search queries to improve the log investigation.

Elastic: Using Logstash

Learn how to collect, process, and transform data with Logstash.

Custom Alert Rules in Wazuh

Learn how to create rules in Wazuh for your environment.

Elastic: Query Languages

Search large datasets efficiently with advanced queries in Kibana.

Slingshot

Can you retrace an attacker's steps after they enumerate and compromise a web server?

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Need to know

Security Information and Event Management

Understand how SIEM works and get comfortable creating simple and advanced search queries to look for specific answers from the ingested logs.

Next steps

Detection Engineering

Understand various threat detection methodologies, rule syntax and tools, and learn how to apply them in a SOC environment.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.

Advanced ELK

Elastic: Using Logstash

Custom Alert Rules in Wazuh

Elastic: Query Languages

Slingshot

Topic Rewind Recap