Elastic SIEM Lab

Generating Security Events on the Kali VM Using Nmap


Last updated 8 months ago

With your Elastic environment set up and the agent installed, it's time to generate security events. Use Nmap, a widely used network scanning tool, to create activity that Elastic SIEM will capture. On Kali Linux, Nmap is pre-installed; on other distributions, install it through your package manager (e.g., sudo apt-get install nmap on Ubuntu/Debian).

To generate events, run a full port scan against your Kali VM's own IP address with nmap -A -p- 192.168.0.27 (-A enables OS and service detection along with script scanning, and -p- scans all 65,535 TCP ports). Both the scan traffic and the nmap process itself produce activity that the Elastic Agent forwards to your SIEM for analysis. Remember, Nmap can be disruptive, so review its legal and ethical implications before use.

After the scan completes, open the Logs tab in the Observability section of the Elastic Cloud console. There you'll find the events generated by your Nmap scan, which lets you see how Elastic SIEM captures and analyzes security events in near real time.

Filtering and displaying Nmap events from the Kali VM using Kibana Query Language (KQL) in the Elastic SIEM interface.
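As an added example that is not part of the original lab, the script below does offline what the KQL filter in the screenshot does in Kibana: it reads Elastic Agent style events (newline-delimited JSON using ECS field names host.name, process.name and process.args), keeps the nmap process events from the Kali host, and summarizes each scan's flags and target. The events are constructed for illustration, and the hostname "kali" is an assumption.

```python
import json

# Constructed sample events shaped like Elastic Agent process records (ECS fields).
# These are not real captures from the lab; host and target values are assumptions.
SAMPLE_NDJSON = """\
{"@timestamp": "2024-01-01T10:00:00Z", "host": {"name": "kali"}, "event": {"category": ["process"], "type": ["start"]}, "process": {"name": "nmap", "args": ["nmap", "-A", "-p-", "192.168.0.27"]}}
{"@timestamp": "2024-01-01T10:00:01Z", "host": {"name": "kali"}, "event": {"category": ["process"], "type": ["start"]}, "process": {"name": "bash", "args": ["bash"]}}
{"@timestamp": "2024-01-01T10:05:00Z", "host": {"name": "kali"}, "event": {"category": ["process"], "type": ["start"]}, "process": {"name": "nmap", "args": ["nmap", "-sV", "192.168.0.27"]}}
{"@timestamp": "2024-01-01T10:06:00Z", "host": {"name": "other-box"}, "event": {"category": ["process"], "type": ["start"]}, "process": {"name": "nmap", "args": ["nmap", "10.0.0.1"]}}
"""


def parse_ndjson(text):
    """Parse one JSON document per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_nmap_events(events, host_name="kali"):
    """Python equivalent of the KQL filter: host.name:"kali" and process.name:"nmap"."""
    return [
        e for e in events
        if e.get("host", {}).get("name") == host_name
        and e.get("process", {}).get("name") == "nmap"
    ]


def summarize_scan(event):
    """Split process.args into flags and targets and note the two flags used in the lab.

    Only options attached to their value (e.g. -p-) are handled; space-separated
    option values would be misread as targets, which is fine for this lab's command.
    """
    args = event["process"].get("args", [])[1:]  # drop argv[0] ("nmap")
    flags = [a for a in args if a.startswith("-")]
    targets = [a for a in args if not a.startswith("-")]
    return {
        "timestamp": event.get("@timestamp"),
        "host": event["host"]["name"],
        "flags": flags,
        "targets": targets,
        "full_port_range": "-p-" in flags,  # -p- scans all 65,535 TCP ports
        "aggressive": "-A" in flags,        # -A enables OS/service detection and scripts
    }


def scan_summaries(ndjson_text, host_name="kali"):
    """End-to-end: parse events, apply the filter, summarize each matching scan."""
    return [summarize_scan(e) for e in find_nmap_events(parse_ndjson(ndjson_text), host_name)]


if __name__ == "__main__":
    for s in scan_summaries(SAMPLE_NDJSON):
        print(s)
```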