WEEK 3 - ELASTIC ACADEMY

12/14/20 - 12/18/20

DAY 11

Monday 12/14

Register for the Elastic Academy at: https://www.elastic.co/training/free

This should take about 15 – 20 minutes.

Welcome to your CyberShip Elastic skills journey. The Elastic skills training is a combination of on-demand short videos and hands-on labs using the Elastic Cloud instance.

The courses listed below are all 15 minutes in length and constitute your introduction to what is known as the Elastic Stack. Take all of the Quick Starts, including the Logging Quick Start.

Syllabus: The function of the security operations center (SOC) is to monitor, prevent, detect, investigate, and respond to cyber threats around the clock. SOC teams are charged with monitoring and protecting the organization’s assets, including intellectual property, personnel data, business systems, and brand integrity. SOC teams utilize a variety of tools to accomplish their work. There are a variety of cybersecurity jobs in a SOC. Chief amongst the SOC jobs is that of a SOC Analyst. A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization’s IT, IoT or control systems infrastructure, and to assess security systems and measures for weaknesses and possible improvements. SOC analyst is a job title held by infosec newbies and more experienced pros alike.

One of the top toolsets used by SOC teams in government and in the commercial sector is the set of tools by Elastic.

Elastic (NYSE: ESTC) is a search company with a simple goal: to solve the world’s data problems with products that delight and inspire. As the creators of the Elastic Stack, they help thousands of organizations including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, Verizon, and many more use Elastic to power mission-critical systems, from stock quotes to Twitter streams, Apache logs to WordPress blogs, and much more.

Elastic also powers about 90% of all search bars on the internet! It even performs jobs that most people consider a search.

The Elastic skill sessions you will engage in are all part of Elastic’s professional training offered on their website. The courses you will take are each about 2 – 3 hours. For your CyberShip your focus should be on Kibana and Elastic Security Fundamentals: SIEM. These two are your mandatory skill classes that will aid you in doing your CyberShip work duties. In between your daily sessions, you will work virtually with members of the MISI SOC team as they analyze and search for cyber threats in customer networks. You will also participate in scheduled stand-ups designed to allow team members to discuss their observations, ask questions and receive input from members of your team.

You will be able to:

  1. Understand the basic fundamentals of Kibana and Elastic SIEM
  2. Understand how Kibana and Elastic SIEM are used to seek out cybersecurity anomalies
  3. Understand the role of Elastic tools in helping to secure companies against persistent cyber attacks
  4. Discuss how Elastic is used in the AWS Cloud
  5. Articulate how Elastic Security provides security teams with an interactive workspace to detect and respond to threats
  6. Conduct basic level triage of events and perform investigations, gathering evidence on an interactive timeline
  7. Open and update cases, forwarding potential incidents to the senior members of your MISI team

You will learn how detailed event logs show you whether your systems are running as smoothly as possible. You will also understand how granular resource usage information gives you important insights on how your infrastructure is running. And you will discover how application traces give detailed information about performance and errors inside your applications and services. After completing this course, you will know how to unify your logs, metrics, and APM data in a single datastore with the ability to automatically correlate this data in an intuitive user interface.

COURSE: Observability Fundamentals

You will start by exploring the fundamentals of log monitoring. Then you will learn to ship log data to Elasticsearch Service on Elastic Cloud using Filebeat. Next you will analyze and visualize your logs in Kibana to gain insights into your observability data. After completing this course, you will be able to implement the Elastic Stack for log monitoring as you build a fully observable system.

COURSE: Introduction to Observability: Logging

DAY 12

Tuesday 12/15

Kibana is an essential part of the Elastic Stack and one of the principal ways you will conduct cyber data visualization and parsing. In the world of cyber, data is essential, and there are career tracks that focus purely on data visualization and processing.

COURSE: Kibana Fundamentals

In this live interactive session you will get the chance to ask questions and watch as Kibana is used to parse through data or is configured to generate different views of the data available in the MISI Elastic Cloud instance.

DAY 13

Wednesday 12/16

This is another pivotal skills course. Notice that we try to avoid the word curriculum: your CyberShip is about skills attainment and utilization. The use of Security Information and Event Management (SIEM) is a foundational skill and career track in cybersecurity. Artificial Intelligence and Machine Learning are additional advanced aspects of new SIEM tools, which Elastic also offers, that enhance the speed of threat detection.

Try to finish this course in two hours; if you do not, take the time to invest in yourself and finish it later on your own time.

COURSE: Elastic Security Fundamentals: SIEM

In this live session your MISI Team member will review what you learned about the Elastic SIEM. Use this time to ask your MISI Team member questions and, time permitting, you will participate in a live demonstration using the MISI Elastic Cloud hosted instance.

DAY 14

Thursday 12/17

Anomaly detection is a key skill and an essential part of your CyberShip experience. The ability to question what you see and to validate your thinking is an important part of the cybersecurity threat analytics skill set. Part of your job is not just to find and report the obvious but to find the hidden meaning or not-so-obvious indicators of a potential active cyber threat.

COURSE: Anomaly Detection for Cybersecurity

Live Elastic Cyber Analytics, led by a MISI Team member, with an independent work assignment. This session begins the Elastic portion of your CyberShip work skills journey. You will work initially in a group session to get your assignments and ask questions, and then begin to apply your learning using real data to look for cyber threats.

In any given environment, workstations and servers need to be secured for a variety of different reasons. From protecting sensitive data and personal information, to keeping mission-critical endpoints from being interrupted, these systems keep business functions running. This course walks you through the fundamental skills for utilizing Elastic Endgame to protect those endpoints. You will learn how to deploy the solution to each of your endpoints. You’ll also get an introduction to different types of threats, what they look like within the platform, and how to mitigate them to stay safe. You will also learn how to use Elastic Endgame to ask questions of and investigate endpoints for threats. After completing this course, you will have a firm understanding of how to better secure your environment and the endpoints that support it.

COURSE: Elastic Endgame Fundamentals

DAY 15

Friday 12/18

This session will allow you to complete part 1 of the Elastic Fundamentals, return to any other modules you may not have completed, and take the tests to earn all of your Elastic certificates.

COURSE: Elastic Endgame Fundamentals

You are on the final lap and you need to complete and collect all of your Elastic skills course certificates. If you have finished early, you can take this time to log in to your MISI Elastic account and continue conducting cyber threat analytics and hunting across your assigned DIB customers.

Ready, set, go! This will be the beginning of more challenging upcoming work assignments. Be ready to support daily stand-ups, discuss your findings, and write your cyber threat cases for review by senior members of your team.

Quick Starts

Not sure where to start with Elastic? Start here. Our Quick Start guides will have you in your own Elastic Cloud cluster exploring data sets in less than 15 minutes.

Fundamentals training

Our self-paced courses include expertly designed materials, engaging demos, hands-on lab exercises, and access to Elastic experts to help you build and retain new skills. And they’re all available anywhere you have an internet connection.