As part of my final Master's degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective is to distil this data into organisational threat data based on a fictitious business.
Part of the complication I am going to start facing is how to use Elasticsearch and Kibana to find specific information for me from this live data set.
Previously I have indicated that a data set exists which was produced by the Canadian Institute for Cybersecurity, called IDS 2018, which contains Windows Event Logs and PCAP files relating to a set of simulated attacks generated for the purposes of teaching people how to hunt within similar datasets.
Here I will be discussing the deployment, configuration and interaction with this data set to achieve the outcome required.
Read More “Threat hunting with Elasticsearch and Kibana (Part 1)” »