A Lesson with ELK: Always follow the Directions...


As a cybersecurity professional, I know it is so important to follow the "instructions"... What do I do? I overlook things when I am tired or in a rush. The latest "Dave" moment involved the installation of an ELK stack.


What is ELK? Built on an open-source foundation, Elasticsearch and Kibana pave the way for diverse use cases that start with logging and span as far as your imagination takes you. On top of that, Elastic offers features like machine learning, security, and reporting.


Given that it is a time-intensive project with which I should have been patient, I rushed it and had to completely remove all things ELK from my Linux workstation and start over. Hell, I haven't even started due to the amount of time I need to dedicate to rebuilding it.


A lesson to the impatient: always take your time. I have learned a valuable lesson from this and will dedicate a weekend to building it out and learning from where I rushed through configurations and guides.


I built it out to better understand the SIEM that I work with at work and to mess around with it to try and improve one thing that I learned from. I also wanted to continue my machine learning lesson that I am doing after work.


My next goal is to build out an ELK stack and a Splunk SIEM and see which one does better. Here's to round two... I'll keep you posted.