Getting Started with ELK Stack: Queries

Cybrary
Course
New

As a SOC Analyst or Threat Hunter using the Elastic ELK Stack as a SIEM, you need to know how to make the most of its query capability. In this part of our ELK Stack series, you will learn to write custom queries to identify malicious behavior in network traffic. Then, you will get hands-on practice in our virtual lab.

Time
1 hour 15 minutes
Difficulty
Intermediate
CEU/CPE
2
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course Content
Module 1: Using Queries in Elastic ELK Stack
Course Introduction
4m
Lab: Use Custom Queries to Find Potential Malicious Activity
30m
Course Description

As a SOC Analyst or Threat Hunter using the Elastic ELK Stack as a SIEM, you need to know how to make the most of its query capability. In this part of our ELK Stack series, you will learn to write custom queries to identify malicious behavior in network traffic. Then, you will get hands-on practice in our virtual lab.

Who should take this course?

The target audience for this training is individuals who work in a Network Security role or Administration who may be interested in implementing the Elastic ELK stack into their environment. This training is also intended for entry-level SOC analysts who may be using ELK.

What are the prerequisites for this course?

This training assumes you have a foundational knowledge of TCP/IP networking, ports and protocols, and Linux and Windows fundamentals.

Why take this course?

What makes this course so beneficial is that you will learn what makes ELK Stack an affordable and flexible SIEM solution that can serve many use cases. In this course, you will get hands-on experience navigating and using ELK Stack as a SIEM and performing custom queries. This will prepare you to take other courses in the series where you will create alerts, configure dashboards, and configure a Beats agent to forward your logs to ELK. You will also be prepared to take the capstone lab in this series, where you will use ELK to detect malicious activity in a realistic threat-hunting scenario. These subsequent courses will be released over time, so be sure to check back for them if you don't see them on the Cybrary platform right away.

What makes this course different from others?

By the end of this course, you should be able to:

  • Navigate the Elastic User Interface and interact with the ELK Stack
  • Create custom Queries in KQL and Lucene

Your instructor, Skyler Gehman, is a Cyber Operations Specialist in the Army. He is a graduate of the Joint Cyber Analysis Course at the Navy's Center for Information Warfare and the Army's Cyber Center of Excellence for Offensive and Defensive Cyberspace Operations. He has also worked in the manufacturing of military electronics and weapons systems.

Instructed By
Skyler Gehman
Skyler Gehman
Cyber Operations Specialist
Instructor
Provider
Cybrary
Course Components
On Demand Videos to learn from industry leaders
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a Getting Started with ELK Stack: Queries Certificate of Completion