Defensive Security with Kali Purple: Cybersecurity strategies using ELK Stack and Kali Linux

Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781835088982
Length 376 pages
Edition 1st Edition
Author: Karl Lane

Table of Contents

Preface
Part 1: Introduction, History, and Installation
Chapter 1: An Introduction to Cybersecurity
Chapter 2: Kali Linux and the ELK Stack
Chapter 3: Installing the Kali Purple Linux Environment
Chapter 4: Configuring the ELK Stack
Chapter 5: Sending Data to the ELK Stack
Part 2: Data Analysis, Triage, and Incident Response
Chapter 6: Traffic and Log Analysis
Chapter 7: Intrusion Detection and Prevention Systems
Chapter 8: Security Incident and Response
Part 3: Digital Forensics, Offensive Security, and NIST CSF
Chapter 9: Digital Forensics
Chapter 10: Integrating the Red Team and External Tools
Chapter 11: Autopilot, Python, and NIST Control
Index
Other Books You May Enjoy
Appendix: Answer Key

What this book covers

Chapter 1, An Introduction to Cybersecurity, introduces cybersecurity by tracing the parallel histories of emerging technology and the threats that followed it. It contrasts offensive security with defensive security and explains how the field arrived at its present state.

Chapter 2, Kali Linux and the ELK Stack, explores the genealogy of Kali relative to other Linux distributions and introduces one of Kali Purple's core defensive tools, a group of applications collectively known as the ELK stack. Elasticsearch, Logstash, and Kibana (ELK) are presented along with the Beats family of data shippers and the X-Pack extensions (security, alerting, and monitoring features that ship with Elastic).

Chapter 3, Installing the Kali Purple Linux Environment, provides a comprehensive review of how to acquire, update, and run Kali Purple and its required dependencies regardless of the host operating system you currently use. The chapter addresses this need for compatibility by running Kali Purple in a virtual machine, focusing on the widely used and freely available VirtualBox.

Chapter 4, Configuring the ELK Stack, combines the lessons of the previous two chapters to walk you through standing up the core components of the ELK stack along with the technology that supports it. The chapter begins with the Elasticsearch search and indexing engine, integrates it with the Kibana visual interface, and then adds Logstash for data enrichment.

Chapter 5, Sending Data to the ELK Stack, continues to build on the ELK configuration by exploring how the SIEM receives its information through data shippers, and how those shippers are set up to report to the SIEM. The chapter presents the full data flow: how information is collected and shipped by Beats, enriched by Logstash, indexed and stored in Elasticsearch, and displayed to SIEM users through Kibana.

Chapter 6, Traffic and Log Analysis, digs deeper into the information that may ultimately flow through the ELK stack or another SIEM solution. It begins with a brief overview of network packets, then introduces the Malcolm suite of data collection and analysis tools, highlighting Arkime, one of Malcolm's more prominent full-packet capture and analysis tools.

Chapter 7, Intrusion Detection and Prevention Systems, builds on the Malcolm suite introduced in the previous chapter by providing an overview of intrusion detection and prevention systems. It starts by comparing and contrasting the two approaches, detection (alerting on suspicious traffic) and prevention (blocking it inline), before focusing on the Suricata IDS/IPS and the Zeek IDS.

Chapter 8, Security Incident and Response, explains incident response by introducing a Security Orchestration, Automation, and Response (SOAR) setup using StrangeBee's Cortex and TheHive. It also covers integrations with threat intelligence platforms and exchange standards, such as the Malware Information Sharing Platform (MISP), Structured Threat Information eXpression (STIX), and Trusted Automated eXchange of Indicator Information (TAXII). The chapter concludes by challenging you to begin independent research and community contributions.

Chapter 9, Digital Forensics, looks at Kali Purple's contribution to digital forensics through malware analysis, and introduces some tools that are usually considered offensive security-oriented but that provide insight into attacker behavior and mindset.

Chapter 10, Integrating the Red Team and External Tools, brings together the offensive security utilities traditionally associated with Kali Linux and penetration testing so that you can deploy them against the defensive utilities you have been setting up throughout the book. This chapter covers popular offensive tools such as OWASP ZAP, Wireshark, Metasploit, Burp Suite, Nmap, sqlmap, Nikto, Nessus, Hydra, Medusa, and John the Ripper.

Chapter 11, Autopilot, Python, and NIST Control, wraps up the book with advanced features such as Kali Autopilot's automated attack scripting. It then offers a different take on the Python scripting language, focusing not on learning to develop code but on recognizing and reading it for analysis from a cyber defender's perspective. Finally, the chapter covers the NIST Cybersecurity Framework (CSF) on which Kali Purple was modeled, including a high-level overview of the Govern function added in CSF 2.0.
