Title: A network defender's guide to threat detection: Using Zeek, Elasticsearch, Logstash, Kibana, Tor, and more. Author: Richard Medlin. Publisher: Information Warfare Center. Year: 2020. Format: PDF. Pages: 202. Size: 22.6 MB. Language: English.
Have you ever found yourself questioning whether your network is in good hands? Did you do everything you could to defend against exploits on your network? Is your employer safe because you have one of the best Security Information and Event Management (SIEM) setups you can use monitoring the network for you? Or maybe you’re new to Information Security and you want to learn how to employ a robust Intrusion Detection System (IDS), but you don’t know where to start. If you have ever asked yourself any of these questions, or you just really want to learn about the ELK Stack and Zeek (Bro), you’ve come to the right place. A quick Google search will show you that there isn’t a lot of information on configuring Zeek (Bro), Elasticsearch, Logstash, Filebeat, and Kibana together. It is rather complicated because the websites describe how to install each piece, but they don’t really lead you to the specifics of what else you need to do, or they are really outdated. That’s where you have to piece together the information yourself and really research. Lucky for you, I did the leg work and decided to write this book.
Whether you’ve been in the Information Security industry for many years or you’re just getting started, this book has something for you. In my time studying over the years I’ve always found that a lot of books are interesting reads, but they add a lot of fluff. That was not my goal with this book; I wanted to provide you with a straightforward book without the fluff that will show you exactly what you need. I cover the basics, and then explain the intricacies involved in configuring a SIEM that is reliable. I also provide a step-by-step process, including any pertinent notes that you need to pay attention to, and lastly a breakdown of what is occurring at each step. Having background on each section and knowing what is happening is extremely important to learning and understanding what is happening on your network. Likewise, this book covers a brief overview of different programming languages and their configuration nuances when applied to Zeek (Bro) and the ELK Stack. I tried my best to approach this as if you didn’t know anything, so that anyone can read this and understand what is happening throughout the installation and configuration process. Let’s get to the basics of what will be covered in this book so that you have a good idea of what you will learn.
Once you’re done reading this book, I am confident that you will be able to install, configure, and deploy an IDS and SIEM combination that will serve your needs. You will learn everything you need to know to operate the Zeek (Bro) IDS and the ELK Stack to keep your network and your company’s data safe. Attacks will happen, and sometimes employees will unknowingly do something on the network that could cause a liability issue, but having the right tools in place will help mitigate these risks.