Hello Defenders,
Welcome to Episode 5 of "Building a Threat Detection Lab from Scratch." This comprehensive video series is designed to guide you in creating a robust Threat Detection Engineering Lab using open-source tools and community editions of popular enterprise solutions like Cribl, Elastic Security, Splunk, and more!
About the Series:
This series is perfect for cybersecurity enthusiasts, professionals, and beginners who want to master threat hunting and cyber threat research. We'll cover everything from basic setups to advanced configurations and architectures, ensuring your SOC Lab is equipped to handle real-world scenarios.
In This Episode:
Today, we'll make sure you don't get locked into a single platform in your detection lab. Learn how to take control of your logging data and route it to whichever destinations you choose, including Azure, AWS, GCP, Falcon LogScale, Sumo Logic, Splunk, Elastic, Grafana, and Exabeam. Using Cribl Stream, we'll ingest data from various sources and route it to your preferred destinations.
Agenda:
- Set up a Cribl Stream all-in-one single-instance container
- Set up Elastic as an input source in Cribl and observe the logs
- Configure Elastic (Fleet output) to send data to Cribl
- Sign up for a free account on the New Relic SaaS observability platform
- Configure Cribl to send data to New Relic (cloud)
- Configure Cribl to send data to Splunk (on-prem)
We'll forward data from Elastic Agent (EDR, Osquery, Packetbeat, Windows logs) to Elasticsearch and then to Cribl. From Cribl, we'll route the data to the platforms of your choice.
Chapters:
00:00 - Intro
03:00 - Get Elastic Containers Up
05:50 - Validate Elastic-Agent configuration and real-time data ingestion
06:50 - Explain the Data-routing concept of Elastic-Agent
08:55 - Cribl Sign-up
11:40 - Cribl container setup on logging server
15:40 - Configure Elastic as Input source in Cribl
17:06 - Add Cribl to Fleet-outputs
18:11 - Validate data coming from Elastic in Cribl UI
20:46 - Sign up on the New Relic Observability Platform
23:27 - Add Cribl integration in New Relic
24:34 - Set up log forwarding from Cribl to New Relic
26:20 - Validate incoming logs in New Relic
27:54 - Configure Cribl for Splunk log forwarding
39:40 - Wrap-up
Reference Resources:
You can find all the software links and referenced architecture Diagram at [Threat Hunting & Open Research (THOR)](sakshamtushar.notion.site/Threat-Hunting-Open-Research-THOR-fa9cc76e743940bebe4f02b09c270a8d?p=656c958745844b61930dd2e5c53849e6&pm=c)
Don’t forget to like, comment, and subscribe to stay updated with more Threat Detection & Threat Hunting tutorials, walkthroughs, and insightful content!
#Cribl #ThreatDetectionLab #ElasticSecurity #Splunk #SOCLab #SecurityOperationsLab #LogForwarding #DataForwarding #DataRouting #Cybersecurity #ElasticSearch #CriblStream #NewRelic #CyberThreatHunting #ThreatIntelligence #SecurityMonitoring #DataIntegration #SecurityOrchestration #DataRetention #SecurityCompliance #SecurityAutomation #SecurityAnalytics #DataProcessing #LogAnalysis #LogRetention #SecurityIncidentResponse #ThreatDetection #SecurityResearch #SecurityOperations #SecuritySolutions #SecurityTesting #ThreatSimulation #SecurityAssessment #ThreatMitigation #ThreatHunting #SecurityTools #LogManagement #LogCollection
Multi SIEM & Log Forwarding with Cribl Stream | Elastic, Splunk, New Relic | Ep 5 | Detection Lab