Elastic Stack

In this guide, you will learn how to install Wazuh agent on pfSense. pfSense is the world's most trusted opensource firewall which also doubles up as an opensource router. On the other hand, Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. Wazuh agents are used to collect log...

This is a simple tutorial on how to search and delete specific records from Elasticsearch index. Elasticsearch ships with a delete_by_query API that enables you to search Elasticsearch index for records that matches a specified query and delete them. So, how can you use delete_by_query API to search and delete specific records from Elasticsearch index? Delete Specific Records from Elasticsearch...

In this tutorial, you will learn how to install ELK stack 8.x on Ubuntu systems. Elastic/ELK stack 8.0 has been released making it another major version release after Elastic 7.0. Elastic 8.0 comes with a lot of improvements including; compatibility with 7.x REST APIsecurity features enabled and configured by default (HTTPS and Authentication)Better protection for system indicesNew k-nearest neighbor (kNN)...

This tutorial will show you how you can easily configure Logstash Elasticsearch Basic authentication. If you have secured your Elasticsearch cluster with authentication/authorization, then for Logstash to be able to publish the events to the Elasticsearch cluster, it must provided valid user credentials that is authorized to publish events to specific indices. In our previous guides, we learnt how to...

This tutorial will take you through how you can configure filebeat-elasticsearch authentication. You realize that when you enable Elastic basic authentication, you need to valid user credentials to authenticate and validate access to restricted Elastic resources. Our previous guide showed how to enable Elastic stack basic authenticaion. How to Enable Basic Authentication on ELK Stack Configure Filebeat-Elasticsearch Authentication Create Required Publishing Roles In order...

In this tutorial, you will learn how to enable basic authentication on ELK stack. Elastic/ELK stack supports user authentication. This enables it to restrict access to various resources within the cluster. To access these resources when authentication is enabled, a user has to prove their identity using username/passwords or other forms of identity depending on the authentication realm enabled. How...

This guide will take you through how to integrate Osquery manager with ELK Stack. According to their Github page, osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. It is available for Linux, macOS, Windows, and FreeBSD. It allows you to query the operating system just like you would query any records from the usual relational databases...

This tutorial will take you through how you can install and enroll Elastic agents to Fleet manager in Linux. According to Elastic Fleet and Elastic Agent overview page; Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. A single agent makes it easier and faster to deploy monitoring...

This tutorial will take you through how to ship system logs to ELK stack using Elastic Agents. You might be so used to using Elastic beats such as Filebeat, metricsbeat, Winlogbeat etc. to ship log from your end points to ELK for visualization. However, Elastic has announced the general availability Elastic Agents. Elastic Agent is a single, unified agent...

In this tutorial, you will learn how to detect changes to critical files in Linux using Auditbeat and ELK. Auditbeat is one of the elastic beats that according to Elastic page, collects Linux audit framework data and monitor the integrity of the files. It ships these events in real time to the rest of the Elastic Stack for further...