SEC-300 ELK Stack for Security Operations

Course Overview

Course: SEC-300 ELK Stack for Security Operations
Semester: FA23
Professor: Adam Goldstein

Course Description

This course will focus on a topic of current interest. Content will supplement the CNCS Cyber Operations Specialization curriculum and relate to industry and research trends. The course will include issues regarding the integration of new security technology or paradigms into existing environments and choosing between alternatives.

This course primary focused on setting up an ELK stack in AWS and doing some log digestion using the ELK setup. We also explored different types of beats.

Labs

• Lab 1 Setting up Elastic in AWS
• Lab 2 Elasticsearch Queries
• Lab 3.1 Configuring Metricbeat
• Lab 3.2 Configuring Filebeat
• Lab 4.2 Auditbeat with Logstash

References/Notes