Elastic: Setting up a SOC Lab

In a modern Security Operations Center (SOC), detection starts with data, but raw logs alone provide limited value without the ability to centralize, search, and visualize them at scale. The Elastic Stack enables security teams to ingest massive volumes of data and transform them into actionable insights. In this room, you'll explore Elastic's core architecture and get hands-on experience building a SOC lab to ingest, search, and investigate log data from multiple sources.

Learning Objectives

• Understand the core components of the Elastic Stack
• Install and configure an Elastic Stack deployment
• Ingest, parse, and search log data from multiple sources
• Build dashboards and visualizations to analyze log data

Prerequisites

Some familiarity with the Linux command line, SIEM concepts, and log analysis is recommended. However, all required commands and necessary information are provided in the walkthrough:

• Elastic Stack: The Basics for an overview of Elastic architecture, running queries, and creating visualizations

Machine Access

Click the Start Machine button below. The machine will start in Split-Screen mode, and you will have access to all necessary files in the /home/ubuntu/Downloads directory.

We recommend switching to Full Screen mode for a more immersive experience. This provides a larger workspace, making it easier to manage the terminal and browser as you progress through the room. If your side menu is stuck in full screen, please enter and exit to fix the issue.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting the Target Machine, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

Target machine

Status:Off

Start Machine