In today’s cybersecurity landscape, threats are everywhere. Our telemetry and network event data quality is important to detecting, responding to, and mitigating those threats. Elasticsearch can help ease the burden of sifting through the large amounts of data that we collect. In this course, Analyze Network Event Activity Data with Elasticsearch, you’ll learn to ingest network event and telemetry data, and use it to find threats. First, you’ll explore how to ingest security device logs and Netflow, and use it to find potential threats. Next, you’ll discover how to use application data to detect anomalies and interesting behavior. Finally, you’ll learn how to correlate the data between the various sources to identify threats. When you’re finished with this course, you’ll have the skills and knowledge of Elasticsearch needed to effectively use the data being collected for cyber operations.
Author Name: Joe Abraham
Author Description:
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child… more