You're reading from Threat Hunting with Elastic Stack Solve complex security challenges with integrated prevention, detection, and response

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801073783

Length 392 pages

Edition 1st Edition

Tools

Kibana

Concepts

Cybersecurity

Author (1):

Andrew Pease

View More author details

Table of Contents (18) Chapters

Preface

1. Section 1: Introduction to Threat Hunting, Analytical Models, and Hunting Methodologies

2. Chapter 1: Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks FREE CHAPTER

3. Chapter 2: Hunting Concepts, Methodologies, and Techniques

4. Section 2: Leveraging the Elastic Stack for Collection and Analysis

5. Chapter 3: Introduction to the Elastic Stack

6. Chapter 4: Building Your Hunting Lab – Part 1

7. Chapter 5: Building Your Hunting Lab – Part 2

8. Chapter 6: Data Collection with Beats and Elastic Agent

9. Chapter 7: Using Kibana to Explore and Visualize Data

10. Chapter 8: The Elastic Security App

11. Section 3: Operationalizing Threat Hunting

12. Chapter 9: Using Kibana to Pivot Through Data to Find Adversaries

13. Chapter 10: Leveraging Hunting to Inform Operations

14. Chapter 11: Enriching Data to Make Intelligence

15. Chapter 12: Sharing Information and Analysis

16. Assessments

17. Other Books You May Enjoy

Query languages

Within Kibana, we can use one of three languages to query our data – with those being Lucene, KQL, and the EQL.

As mentioned in Chapter 3, Introduction to the Elastic Stack, Elasticsearch is built upon Lucene, which is a search engine library written in Java. However, before we dive too deeply into Lucene, it should be noted that this language is generally unused in newer versions of Kibana barring a few exceptions, notably, when searching using a regular expression (regex). A regex is written to identify specific characters in a string. They can be simple searches, such as finding a specific word or phrase, or more complex searches, such as finding the sixth word of a sentence but only if the sentence starts with the word "The" and ends with "?".

Because of this, we'll discuss Lucene in a bit more detail and explore a useful threat hunting example using regex. However, please note that we'll be using KQL for almost all of our...