Setting Up Elastic 8 with Kibana, Fleet, Endpoint Security, and Windows Log Collection

00:00 - Intro: brief descriptions of Elastic, Kibana, Fleet management, Endpoint Security, and Windows logging
01:40 - Logging into our Elastic Box and going to https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-22-04
02:30 - Changing the Elastic apt repo from 7.x to 8.x, then installing Elasticsearch, making sure to grab the auto-generated password for the elastic user that the installer prints
06:50 - Making sure Elasticsearch is online with curl
08:10 - Installing Kibana
08:40 - Generating an enrollment token for Kibana, adding it to the config and starting Kibana
10:15 - Installing NGINX to put in front of Kibana
11:45 - Logging into Kibana and setting up the Fleet Integration so we can manage agents
14:00 - Copying the Elasticsearch CA certificate over for Fleet Server, just to make some of our certificate handling easier
15:00 - Installing Fleet Server, adding the --fleet-server-es-ca and --insecure flags
16:50 - Installing the Elastic Agent on our Windows box and enrolling it in Fleet
20:30 - Adding the Endpoint and Cloud Security integration, which ships a lot of good alerts for detecting bad things
22:30 - Loading the default Elastic Security detection rules; without them the events the Elastic Agent ships are not evaluated for malicious activity!
26:10 - Adding the Windows Integration so our agent collects logs
29:40 - Uh-oh, we aren't getting any data from our agents: the Elastic Endpoint is getting an SSL error when talking to Elasticsearch
31:30 - Editing the Kibana config to let us edit the default Fleet output settings, so we can modify the Elasticsearch output config that is pushed to our agents
34:30 - Viewing data from our agents!
35:06 - Viewing Sysmon logs and the running processes on the host
38:30 - Viewing Sysmon logs for DNS requests
42:30 - Looking at the default Elastic alerts for our host. Nothing too special since it's a new Windows box
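Added example (not from the video, and not Elastic's own tooling): the curl check from 06:50 done with the CA instead of -k, and the Fleet output TLS settings that address the agent-side SSL error at 29:40 - 31:30. It assumes the agents fail because they do not yet trust the self-signed HTTP CA that Elastic 8 generates, that the CA lives at the default path /etc/elasticsearch/certs/http_ca.crt, and that the Advanced YAML box of the default output under Fleet > Settings is editable. The fingerprint pinning (`ssl.ca_trusted_fingerprint`) is an alternative to copying the CA file to every Windows host; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not the video's commands. Assumes the Elastic 8 default
# CA path below; override with CA_FILE=/other/path when sourcing.
CA_FILE="${CA_FILE:-/etc/elasticsearch/certs/http_ca.crt}"

# SHA-256 fingerprint of a PEM certificate as lowercase hex without colons,
# which is the form Elastic Agent expects in ssl.ca_trusted_fingerprint.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 \
        | awk -F'=' '{print $2}' | tr -d ':' | tr 'A-F' 'a-f'
}

# Advanced YAML for the default Fleet output: every agent then trusts exactly
# this CA, and nothing else, without shipping http_ca.crt to each host.
fleet_output_yaml() {
    fp=$(ca_fingerprint "$1") || return 1
    printf 'ssl.ca_trusted_fingerprint: "%s"\n' "$fp"
}

# Variant for hosts that do have the CA on disk; the path is on the AGENT host.
fleet_output_yaml_cafile() {
    printf 'ssl.certificate_authorities: ["%s"]\n' "$1"
}

# Same liveness check as 06:50, but verifying the server certificate against
# the CA instead of -k, so a wrong CA fails loudly rather than being accepted.
# $1 = https://host:9200  $2 = CA file  $3 = elastic password
check_es() {
    curl --silent --show-error --cacert "$2" -u "elastic:$3" "$1"
}

# Run directly with a CA path to print the YAML to paste into Fleet settings;
# with no arguments the file only defines the functions (safe to source).
if [ "$#" -ge 1 ]; then
    fleet_output_yaml "$1"
fi
```

Paste the printed line into Fleet > Settings > Outputs > default > Advanced YAML configuration and save; Fleet pushes the new policy to enrolled agents, which then reconnect to Elasticsearch over a verified TLS session. `check_es https://127.0.0.1:9200 "$CA_FILE" '<password>'` is the same test as the video's curl step with verification left on.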
