Install Wazuh Agent on pfSense
In this guide, you will learn how to install the Wazuh agent on pfSense. pfSense is the world's most trusted open-source firewall, which also doubles as an open-source router. On the other hand, Wazuh is a free, open-source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. Wazuh agents are used to collect log...
Delete Specific Records from Elasticsearch Index
This is a simple tutorial on how to search for and delete specific records from an Elasticsearch index. Elasticsearch ships with a delete_by_query API that enables you to search an Elasticsearch index for records that match a specified query and delete them. So, how can you use the delete_by_query API to search for and delete specific records from an Elasticsearch index?
Install ELK Stack 8.x on Ubuntu
In this tutorial, you will learn how to install ELK stack 8.x on Ubuntu systems. Elastic/ELK stack 8.0 has been released, making it another major version release after Elastic 7.0. Elastic 8.0 comes with a lot of improvements, including:
compatibility with 7.x REST APIs
security features enabled and configured by default (HTTPS and authentication)
better protection for system indices
new k-nearest neighbor (kNN)...
Configure Logstash Elasticsearch Basic Authentication
This tutorial will show you how you can easily configure Logstash Elasticsearch basic authentication. If you have secured your Elasticsearch cluster with authentication/authorization, then for Logstash to be able to publish events to the Elasticsearch cluster, it must provide valid user credentials that are authorized to publish events to the specific indices.
In our previous guides, we learnt how to...
Configure Filebeat-Elasticsearch Authentication
This tutorial will take you through how you can configure Filebeat-Elasticsearch authentication. Note that when you enable Elastic basic authentication, you need valid user credentials to authenticate and validate access to restricted Elastic resources.
Our previous guide showed how to enable Elastic stack basic authentication.
How to Enable Basic Authentication on ELK Stack
Configure Filebeat-Elasticsearch Authentication
Create Required Publishing Roles
In order...
How to Enable Basic Authentication on ELK Stack
In this tutorial, you will learn how to enable basic authentication on the ELK stack. The Elastic/ELK stack supports user authentication, which enables it to restrict access to various resources within the cluster. To access these resources when authentication is enabled, a user has to prove their identity using a username/password or another form of identity, depending on the authentication realm enabled.
How...
Integrate Osquery Manager with ELK Stack
This guide will take you through how to integrate Osquery Manager with the ELK Stack. According to its GitHub page, osquery is a SQL-powered operating system instrumentation, monitoring, and analytics framework. It is available for Linux, macOS, Windows, and FreeBSD.
It allows you to query the operating system just like you would query any records from the usual relational databases...
Install and Enroll Elastic Agents to Fleet Manager in Linux
This tutorial will take you through how you can install and enroll Elastic Agents to Fleet Manager in Linux. According to the Elastic Fleet and Elastic Agent overview page:
Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. A single agent makes it easier and faster to deploy monitoring...
Ship System Logs to ELK Stack using Elastic Agents
This tutorial will take you through how to ship system logs to the ELK stack using Elastic Agents. You might be used to shipping logs from your endpoints to ELK for visualization with Elastic Beats such as Filebeat, Metricbeat, Winlogbeat, etc. However, Elastic has announced the general availability of Elastic Agent. Elastic Agent is a single, unified agent...
Detect Changes to Critical Files in Linux using Auditbeat and ELK
In this tutorial, you will learn how to detect changes to critical files in Linux using Auditbeat and ELK. Auditbeat is one of the Elastic Beats that, according to the Elastic page, collects Linux audit framework data and monitors the integrity of files. It ships these events in real time to the rest of the Elastic Stack for further...