Getting Started with ELK Stack: Queries
Course Content
As a SOC Analyst or Threat Hunter using the Elastic ELK Stack as a SIEM, you need to know how to make the most of its query capability. In this part of our ELK Stack series, you will learn to write custom queries to identify malicious behavior in network traffic. Then, you will get hands-on practice in our virtual lab.
Who should take this course?
The target audience for this training is individuals who work in a Network Security role or Administration who may be interested in implementing the Elastic ELK stack into their environment. This training is also intended for entry-level SOC analysts who may be using ELK.What are the prerequisites for this course?
This training assumes you have a foundational knowledge of TCP/IP networking, ports and protocols, and Linux and Windows fundamentals.Why take this course?
What makes this course so beneficial is that you will learn what makes ELK Stack an affordable and flexible SIEM solution that can serve many use cases. In this course, you will get hands-on experience navigating and using ELK Stack as a SIEM and performing custom queries. This will prepare you to take other courses in the series where you will create alerts, configure dashboards, and configure a Beats agent to forward your logs to ELK. You will also be prepared to take the capstone lab in this series, where you will use ELK to detect malicious activity in a realistic threat-hunting scenario. These subsequent courses will be released over time, so be sure to check back for them if you don't see them on the Cybrary platform right away.What makes this course different from others?
By the end of this course, you should be able to:Your instructor, Skyler Gehman, is a Cyber Operations Specialist in the Army. He is a graduate of the Joint Cyber Analysis Course at the Navy's Center for Information Warfare and the Army's Cyber Center of Excellence for Offensive and Defensive Cyberspace Operations. He has also worked in the manufacturing of military electronics and weapons systems.
Instructed by
In my job as a Defensive Network and Host Analyst, I deploy network security monitors (NSM’s) as well as host intrusion detection (HID) agents, and I monitor the health and security of enterprise networks in the DoD. I also perform forensic analysis of compromised host systems, as well as static and dynamic analysis of malware.
I am a graduate of the DoD’s Joint Cyber Analysis Course (JCAC), where I learned the fundamentals of cybersecurity, as well as more advanced concepts like Offensive Cyber Operations, Digital Forensics, and Information Warfare. I then graduated from the US Army’s Cyber Operations Course, where I built upon the fundamentals taught in JCAC in several months of practical Offensive and Defensive cyber operations simulations. I earned my Security+ certification from Comptia in 2020 and completed the DoD Cyber Crime Center’s Defense and Counter Infiltration course in 2021. I am currently pursuing a degree in Cybersecurity and Information Assurance, as well as my CySA+, CASP+, and CEH certifications. I enjoy cybersecurity because of the openness and collaborative spirit of all of the professionals in this field. In cybersecurity, there is always more to learn, and always someone willing to teach it to you. It’s been very meaningful to me to have the opportunity to teach technical skills to new learners who can use that knowledge to better themselves, and those around them.
I’m an avid science fiction fan, with some of my favorite books being Dune, Shadow of Ender, Neuromancer, and Heart of Darkness.
