0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Threat Hunting with Elastic Stack

You're reading from Threat Hunting with Elastic Stack Solve complex security challenges with integrated prevention, detection, and response

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801073783

Length 392 pages

Edition 1st Edition

Tools

Kibana

Concepts

Cybersecurity

Author (1):

Andrew Pease

View More author details

Table of Contents (18) Chapters

Preface

1. Section 1: Introduction to Threat Hunting, Analytical Models, and Hunting Methodologies

2. Chapter 1: Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks FREE CHAPTER

3. Chapter 2: Hunting Concepts, Methodologies, and Techniques

4. Section 2: Leveraging the Elastic Stack for Collection and Analysis

5. Chapter 3: Introduction to the Elastic Stack

6. Chapter 4: Building Your Hunting Lab – Part 1

7. Chapter 5: Building Your Hunting Lab – Part 2

8. Chapter 6: Data Collection with Beats and Elastic Agent

9. Chapter 7: Using Kibana to Explore and Visualize Data

10. Chapter 8: The Elastic Security App

11. Section 3: Operationalizing Threat Hunting

12. Chapter 9: Using Kibana to Pivot Through Data to Find Adversaries

13. Chapter 10: Leveraging Hunting to Inform Operations

14. Chapter 11: Enriching Data to Make Intelligence

15. Chapter 12: Sharing Information and Analysis

16. Assessments

17. Other Books You May Enjoy

Summary

In this chapter, we took a deep dive into a live malware sample to identify how to take an alert from Kibana, pivot down to the infected host and collect additional information, and then use all of this with Kibana to identify previously undetected infections using three infection elements: a hash, a host artifact, and a persistence mechanism. Finally, we created tailored detection logic in the Security app to allow us to detect this activity in the future.

In the next chapter, we'll use this technical information to inform incident responses and enduring operations. By doing so, we can enhance the security posture of an organization and prioritize additional visibility.

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Pease

Pease

Andrew Pease began his journey into information security in 2002. He has performed security monitoring, incident response, threat hunting, and intelligence analysis for various organizations from the United States Department of Defense, a biotechnology company, and co-founded a security services company called Perched, which was acquired by Elastic in 2019. Andrew is currently employed with Elastic as a Principal Security Research Engineer where he performs intelligence and analytics research to identify adversary activity on contested networks. He has been using Elastic for network and endpoint-based threat hunting since 2013, He has developed training on security workloads using the Elastic Stack since 2017, and currently works with a team of brilliant engineers that develop detection logic for the Elastic Security App.

See other products by Pease

Other recommended products

Related to this chapter

Mastering Kibana 6.x

Mastering Kibana 6.x

Mastering Kibana 6.x provides a rundown explanation required for data visualization and analysis such as X-Pack features, Beats, and machine learning. You will be expert in creating analytics-driven visualizations from a web application. You will be a maestro in creating custom monitoring dashboard using Beats with various examples

Jul 2018 12h 32m

Kibana 7 Quick Start Guide

Kibana 7 Quick Start Guide

Kibana is the visualization tool of the Elastic Stack, used for visualizing the results of the queries as well the dashboards generated out of the Elasticsearch and Logstash components. This book contains core concepts of Kibana with a straightforward form of chapters so that reader can move forward in a step by step manner.

Jan 2019 5h 44m

Learning Kibana 7

Learning Kibana 7

This book will introduce you to Kibana 7, and will show you how it fits into the Elastic stack. You will build a pure metric analytics architecture and visualize it using Timelion. You will also learn how to build relationships between documents using Graph visualization. You will also learn to build powerful Elastic dashboards using Kibana.

Jul 2019 9h 20m

Learning Kibana 7

Learning Kibana 7

This book will introduce you to Kibana 7, and will show you how it fits into the Elastic stack. You will build a pure metric analytics architecture and visualize it using Timelion. You will also learn how to build relationships between documents using Graph visualization. You will also learn to build powerful Elastic dashboards using Kibana.

Jul 2019 9h 20m

Learning Kibana 7

Learning Kibana 7

This book will introduce you to Kibana 7, and will show you how it fits into the Elastic stack. You will build a pure metric analytics architecture and visualize it using Timelion. You will also learn how to build relationships between documents using Graph visualization. You will also learn to build powerful Elastic dashboards using Kibana.

Jul 2019 9h 20m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Practical Threat Intelligence and Data-Driven Threat Hunting

Practical Threat Intelligence and Data-Driven Threat Hunting

Threat hunting is the act of proactively tracking and eliminating adversaries from your network as early as possible. Practical Threat Intelligence and Data-Driven Threat Hunting covers both threat intelligence and the act of threat hunting from the first steps to advanced practices.

Feb 2021 13h 16m

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m