Security Monitoring & SIEM Fundamentals

Orbwalk
3 min read · Mar 13, 2024

I am currently working through HackTheBox’s SOC Analyst job role path as a prerequisite for the CDSA Certification, and so far I am in love. I have been looking for hands-on practice to add to my resume to prove to my current and future employers that I am all in on making this my future, and so far so good with this course. Let's get into it.

This module starts by introducing you to several SIEMs, explaining their importance in security operations, and providing use cases for organizations. We will be using the “ELK” stack in this module: Elasticsearch, Logstash, and Kibana. Elasticsearch is the core component of the ELK stack; it handles indexing, storing, and querying. It pairs nicely with Logstash, which is responsible for collecting, transforming, and transporting log file records. Finally, Kibana is the visualization tool where you can view the stored data and execute queries using KQL (Kibana Query Language).

This is an Elastic dashboard I created with sample data provided by HtB

In this module, I got the opportunity to learn how to create and refine dashboards that SOC Analysts use daily to monitor different things.

At the top of the image, you can see a KQL query used to refine the data visualization to represent only relevant results. Below this, you can see I implemented filters to further refine our data.

In the images above I only have 4 rows, but you can add as many as you would like depending on what information is necessary for the use case. You can build the rows on the sidebar from whichever field is relevant to the dashboard you are creating; here I used the simple “user.name.keyword” field to see the username behind each failed login attempt.
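To make the dashboard's logic concrete, here is an added example (my own illustration, not code from HackTheBox or Elastic) that models the two steps above: a KQL-style filter of `field:value` terms joined by `and`, then a count per `user.name.keyword`, which is what Kibana's terms aggregation does on that field. The events are constructed samples laid out in Elastic Common Schema fields; the KQL subset and the `.keyword` handling are simplifications.

```python
"""Toy model of a failed-login dashboard row: KQL-style filtering over
ECS-shaped events, then a terms-style count on user.name.keyword."""
import re
from collections import Counter

# Constructed sample events in ECS field layout (not real log data).
SAMPLE_EVENTS = [
    {"event": {"category": "authentication", "outcome": "failure"},
     "user": {"name": "jsmith"}, "source": {"ip": "10.0.0.5"}},
    {"event": {"category": "authentication", "outcome": "failure"},
     "user": {"name": "jsmith"}, "source": {"ip": "10.0.0.5"}},
    {"event": {"category": "authentication", "outcome": "failure"},
     "user": {"name": "admin"}, "source": {"ip": "10.0.0.9"}},
    {"event": {"category": "authentication", "outcome": "success"},
     "user": {"name": "jsmith"}, "source": {"ip": "10.0.0.5"}},
    {"event": {"category": "network", "outcome": "success"},
     "source": {"ip": "10.0.0.7"}},  # no user.name at all
]

TERM = re.compile(r'^([\w.]+):(?:"([^"]*)"|(\S+))$')


def get_field(doc, path):
    """Resolve a dotted ECS path. The '.keyword' multi-field holds the same
    value as its parent text field (unanalysed), so it is stripped here."""
    cur = doc
    for part in path.removesuffix(".keyword").split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def parse_kql(query):
    """Parse the supported KQL subset: field:value terms joined by 'and'."""
    terms = []
    for raw in re.split(r"\s+and\s+", query.strip(), flags=re.IGNORECASE):
        m = TERM.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported KQL term: {raw!r}")
        terms.append((m.group(1), m.group(2) if m.group(2) is not None else m.group(3)))
    return terms


def kql_filter(events, query):
    """Keep only events where every field:value term matches exactly."""
    terms = parse_kql(query)
    return [e for e in events
            if all((v := get_field(e, f)) is not None and str(v) == val for f, val in terms)]


def top_values(events, field, size=5):
    """Count events per distinct value of `field`, like a terms aggregation."""
    return Counter(v for e in events if (v := get_field(e, field)) is not None).most_common(size)


def failed_logins_by_user(events):
    """The dashboard row: failed authentications, bucketed by user.name.keyword."""
    failed = kql_filter(events, "event.category:authentication and event.outcome:failure")
    return top_values(failed, "user.name.keyword")
```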

There is much more I learned in this module, but I would like to keep my posts short and sweet and go more in-depth when I finish the whole program. If you are looking for hands-on learning that will help you when you get into a security role, or just to drive home concepts learned in theoretical exams, I really recommend this course. I will be posting about every module I finish, and if you’re interested in this course but want to learn more, please do not hesitate to reach out to me on LinkedIn.

Thank you for reading and continue to learn something every day!
