Create A Security SIEM with the ELK Stack

Overview

Using the open-source ELK stack (Elasticsearch, Logstash, and Kibana), develop a security dashboard that triggers and displays alerts when malicious activity shows up in the logs. Create alert rules by hand and test them by generating activity against deliberately vulnerable machines in a lab network. The ELK stack can collect, aggregate, and visualize security events: Elasticsearch is a search and analytics engine that indexes the events; Logstash is a server-side data processing pipeline that ingests, parses, and enriches log data before shipping it to Elasticsearch; and Kibana lets users visualize the indexed data with charts and dashboards and define alerting rules over it. Together, these three components give you your own SIEM (Security Information and Event Management system).
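The following is an added example, not code from the original page or from the project author. It walks through, in plain Python, what the pipeline above does end to end for one common rule: a grok-style parse of sshd syslog lines into structured documents (the job Logstash does), a threshold detection that fires when one source IP produces five failed logins inside five minutes (the job of a Kibana alerting rule over the Elasticsearch index), and the Elasticsearch aggregation query such a rule would run. The log lines, host name, IPs, rule name and thresholds are constructed sample data and assumptions, not real captures.

```python
"""Brute-force SSH detection over sshd log lines, the way an ELK rule would see it.

Added example (not the page's own code). The sample log lines below are
constructed; the pattern, window and threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex equivalent of a Logstash grok pattern such as:
#   %{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host} sshd\[%{POSINT:pid}\]: Failed password
#   for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{POSINT:port} ssh2
FAILED_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) ssh2$"
)

# Constructed sample input: one burst from 203.0.113.7, scattered failures
# from 198.51.100.9, and one successful login that the rule must ignore.
SAMPLE_LOGS = [
    "Mar 12 10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Mar 12 10:00:03 web01 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2",
    "Mar 12 10:00:05 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "Mar 12 10:00:20 web01 sshd[1210]: Failed password for invalid user oracle from 198.51.100.9 port 40000 ssh2",
    "Mar 12 10:00:07 web01 sshd[1207]: Failed password for root from 203.0.113.7 port 51006 ssh2",
    "Mar 12 10:00:09 web01 sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 51008 ssh2",
    "Mar 12 10:00:11 web01 sshd[1211]: Failed password for root from 203.0.113.7 port 51010 ssh2",
    "Mar 12 10:30:00 web01 sshd[1300]: Accepted password for alice from 198.51.100.9 port 40010 ssh2",
    "Mar 12 10:45:00 web01 sshd[1350]: Failed password for alice from 198.51.100.9 port 40020 ssh2",
]


def parse_sshd_line(line, year=2024):
    """Turn one syslog line into an Elasticsearch-style document, or None if it is not a failed login.

    Syslog timestamps carry no year, so the caller supplies one (Logstash's date filter does the same).
    """
    m = FAILED_RE.match(line)
    if m is None:
        return None  # Logstash would tag this _grokparsefailure or route it to another filter
    d = m.groupdict()
    ts = datetime.strptime(f"{year} {d['timestamp']}", "%Y %b %d %H:%M:%S")
    return {"@timestamp": ts, "host": d["host"], "user": d["user"],
            "src_ip": d["src_ip"], "event": "ssh_failed_login"}


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window threshold rule: alert when one src_ip has >= threshold failures within window.

    After an alert fires the window for that IP is reset so one burst yields one alert,
    matching how a scheduled alerting rule would notify once per evaluation.
    """
    alerts = []
    recent = defaultdict(list)  # src_ip -> timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        hits = recent[ev["src_ip"]]
        hits.append(ev["@timestamp"])
        while hits and ev["@timestamp"] - hits[0] > window:
            hits.pop(0)  # expire failures that fell out of the window
        if len(hits) >= threshold:
            alerts.append({"rule": "ssh_bruteforce", "src_ip": ev["src_ip"],
                           "count": len(hits), "last_seen": ev["@timestamp"]})
            hits.clear()
    return alerts


def threshold_query(threshold=5, window_minutes=5):
    """The Elasticsearch query body a Kibana threshold rule would run for the same logic."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event": "ssh_failed_login"}},
            {"range": {"@timestamp": {"gte": f"now-{window_minutes}m"}}},
        ]}},
        "aggs": {"by_src_ip": {"terms": {"field": "src_ip", "min_doc_count": threshold}}},
    }


def run_detection(lines):
    """Parse raw lines and return the alerts the rule produces."""
    events = [e for e in (parse_sshd_line(l) for l in lines) if e is not None]
    return detect_bruteforce(events)


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOGS):
        print(alert)
```

Replaying the same nine lines through a Logstash grok filter and a Kibana threshold rule on the resulting index should raise exactly one alert, for 203.0.113.7; use that as the acceptance check when you test a manual alert against a vulnerable machine, and confirm that a single successful login or a slow trickle of failures below the threshold stays quiet.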

Project Recommendations

It is recommended that you have familiarity with the foundations of networking, basic knowledge of Git and GitHub, scripting, running virtual machines, and security basics.

Recommended Level

Intermediate

Project Author Credit: Grant C.