DAY 11
Monday 12/14
Register for the Elastic Academy at: https://www.elastic.co/training/free
This should take about 15 – 20 minutes.
Welcome to your CyberShip Elastic skills journey. The Elastic skills training is a combination of on demand short videos and hands on labs using the Elastic cloud instance.
The courses listed below are all 15 minutes in length and constitute your introduction to what is known as the Elastic Stack. Take all of the quick starts.
- Logging Quick Start
- Metrics Quick Start
- APM Quick Start
- Workplace Search Quick Start
- App Search Quick Start
- Elastic Security Quick Start
- User Experience Monitoring Quick Start
Syllabus: The function of the security operations center (SOC) is to monitor, prevent, detect, investigate, and respond to cyber threats around the clock. SOC teams are charged with monitoring and protecting the organization’s assets including intellectual property, personnel data, business systems, and brand integrity. SOC teams utilize a variety of tools to accomplish their work. There are a variety of cybersecurity jobs in a SOC. Chief amongst the SOC jobs is that of a SOC Analyst. A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization’s IT, IoT or control systems infrastructure, and to assess security systems and measures for weaknesses and possible improvements. SOC analyst is a job title held by infosec newbies and more experienced pros alike.
One of the top tool sets used by SOC teams in government and in the commercial sector is the set of tools by Elastic.
Elastic (NYSE: ESTC) is a search company with a simple goal: to solve the world’s data problems with products that delight and inspire. As the creators of the Elastic Stack, they help thousands of organizations including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, Verizon, and many more use Elastic to power mission-critical systems, from stock quotes to Twitter streams, Apache logs to WordPress blogs and much more.
Elastic also powers about 90% of all search bars on the internet! It even performs jobs that most people consider a search.
The Elastic skill sessions you will engage in are all part of Elastic’s professional training offered on their website. The courses you will take are each about 2 – 3 hours. For your CyberShip your focus should be on Kibana and Elastic Security Fundamentals SIEM. These two are your mandatory skill classes that will aid you in doing your CyberShip work duties. In between your daily sessions, you will work virtually with members of the MISI SOC team as they analyze and search for cyber threats in customer networks. You will also participate in scheduled stand-ups designed to allow team members to discuss their observations, ask questions and receive input from members of your team.
You will be able to:
- Understand the basic fundamentals of Kibana and Elastic SIEM
- Understand how Kibana and Elastic SIEM are used to seek out cybersecurity anomalies
- Understand the role of Elastic tools in helping to secure companies against persistent cyber attacks
- Discuss how Elastic is used in the AWS Cloud
- Articulate how Elastic Security provides security teams with an interactive workspace to detect and respond to threats
- Conduct basic level triage of events and perform investigations, gathering evidence on an interactive timeline
- Open and update cases, forwarding potential incidents to the senior members of your MISI team
You will learn how detailed event logs show you whether your systems are running as smoothly as possible. You will also understand how granular resource usage information gives you important insights on how your infrastructure is running. And you will discover how application traces give detailed information about performance and errors inside your applications and services. After completing this course, you will know how to unify your logs, metrics, and APM data in a single datastore with the ability to automatically correlate this data in an intuitive user interface.
You will start by exploring the fundamentals of log monitoring. Then you will learn to ship log data to Elasticsearch Service on Elastic Cloud using Filebeat. Next you will analyze and visualize your logs in Kibana to gain insights into your observability data. After completing this course, you will be able to implement the Elastic Stack for log monitoring as you build a fully observable system.