Elastic: Query Languages

In a Security Operations Center (SOC), analysts are constantly inundated with data from various sources, including network traffic logs, intrusion detection systems, vulnerability scanners, and endpoint security software. Effectively sifting through this massive amount of information can overwhelm any analyst. Mastering advanced queries can significantly streamline this process, enabling analysts to extract critical insights and make well-informed decisions. In this room, we will delve into advanced Kibana queries, an integral component of the Elastic Stack that provides visualization and analytics for data stored in Elasticsearch.

Learning Objectives

• Understand the query languages available in Kibana and when to use them
• Build advanced searches using operators, special characters, and flexible matching techniques
• Accurately filter and search structured and nested data within events
• Refine search results by controlling how terms are matched within fields and log messages
• Apply pattern-based searches to uncover variations and related activity

Prerequisites

Before starting this room, you should understand the basics of navigating the Kibana interface and have some familiarity with writing queries.

• Check out Elastic Stack: The Basics for an overview on Kibana navigation and searches
• Cover Regular Expressions to learn about identifying variations and structured text in data

Machine Access

Click the Start Machine button below. Please give Elastic five minutes to start and access the Kibana dashboard with the link below, using the following credentials:

• https://LAB_WEB_URL.p.thmlabs.com/ (opens in new tab)
• Username: elastic
• Password: elastic

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting the Target Machine, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

Target machine

Status:Off

Start Machine