
ELK Stack Operations with Security Onion
11/11/2020
What is the ELK Stack?
- Elasticsearch
  - An open-source, RESTful search and analytics engine. Elasticsearch supports a wide range of client languages and offers high performance and schema-free documents.
- Logstash
  - A data processing pipeline that collects data from a variety of sources, transforms it on the fly, and sends it to a desired destination. Logstash is most often used as the ingest pipeline for Elasticsearch.
- Kibana
  - A data visualization dashboard for Elasticsearch. Kibana provides visualization capabilities on top of the content indexed in an Elasticsearch cluster. Users can build bar, line and scatter plots, pie charts and maps over large volumes of data.
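As an added illustration of the pipeline role described above (this is example configuration, not from the original page and not the Security Onion project's own pipeline), here is a minimal Logstash pipeline that reads Suricata's eve.json on a sensor, normalizes the timestamp, tags alert records so they can be separated from flow, DNS and HTTP events, and ships everything to Elasticsearch. The log file path, the Elasticsearch address and the index name are assumptions for the example; a real Security Onion deployment manages its own Logstash pipelines and its own Elasticsearch authentication and TLS settings.

```logstash
# Collect: tail Suricata's EVE output (path is an assumption for this example)
input {
  file {
    path => "/nsm/suricata/eve.json"
    codec => "json"
    start_position => "beginning"
  }
}

# Transform: use the event's own timestamp and tag alerts for dashboards
filter {
  date {
    match  => ["timestamp", "ISO8601"]
    target => "@timestamp"
  }
  if [event_type] == "alert" {
    mutate { add_tag => ["suricata_alert"] }
  }
}

# Send: index one daily index per sensor day (host and index name are assumptions)
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "suricata-%{+YYYY.MM.dd}"
  }
}
```

With this in place, a Kibana index pattern matching `suricata-*` makes the tagged alerts available for the bar, line and map visualizations described in the Kibana bullet, and the `suricata_alert` tag gives a cheap filter for separating detections from bulk protocol metadata.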
Security Onion
Peel back the layers of security in your enterprise
Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!