# Installation

### **Step 1: Set up a Free Trial Elastic Account**

Start by creating a free Elastic account. Visit the Elastic registration page, sign up, and verify your email. Once verified, log in to the Elastic Cloud console. Begin your free trial and create an Elasticsearch deployment by choosing a cloud provider, region, and deployment size; the default settings are usually fine for this lab. After setting up the deployment, [install Elastic's prebuilt rules](https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#load-prebuilt-rules) from the Security section under the Detections tab to start monitoring for security events.

<figure><img src="/files/hzmQfkL3w4laBWiDnDlL" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/YLf73LGp6ZtnmILOdDuc" alt=""><figcaption></figcaption></figure>

### **Step 2: Setting up the Agent to Collect Logs**

> An agent is a software program installed on a device, such as a server or endpoint, to collect and send data to a centralized system for analysis and monitoring. In the context of Elastic SIEM, the agent is crucial for collecting and forwarding security-related events from your endpoints to your Elastic SIEM instance.

* [More Information about the role of agents in Elastic SIEM](https://www.elastic.co/guide/en/fleet/current/fleet-overview.html)

To set up the agent on your Kali Linux virtual machine, first, log in to your Elastic SIEM instance. Once logged in, navigate to the Integrations page by clicking on the Kibana main menu bar at the top left and selecting “Integrations” from the dropdown menu. In the search bar on the Integrations page, type “Elastic Defend” and select it from the results. This integration is specifically designed to collect and manage security data.

<figure><img src="/files/7AN1d8uyyLz3z5gC7ENc" alt=""><figcaption></figcaption></figure>

Click on “[Install Elastic Defend](https://www.elastic.co/guide/en/security/current/install-endpoint.html)” and follow the instructions provided to install the agent on your Kali VM. The installation process involves downloading the Elastic Agent package and enrolling it with your Elastic deployment. During enrollment, you’ll need to generate an enrollment token from the Elastic Cloud console, which will link the agent to your specific deployment. After completing these steps, the agent will be installed and configured to start collecting logs and forwarding them to your SIEM instance.

* To ensure the agent is functioning correctly, open a terminal on your Kali VM and run the command:

<pre class="language-bash"><code class="lang-bash">sudo systemctl status elastic-agent.service
</code></pre>

<figure><img src="/files/U12yPhi3hurUm4S9iEdl" alt=""><figcaption></figcaption></figure>

Note: *You should see a status message indicating that the service is active and running. This confirms that the agent is properly installed and operational, ready to begin sending data to Elastic SIEM.*

<figure><img src="/files/I8490xsDjrUCILaO4kJi" alt=""><figcaption></figcaption></figure>
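Checking the service by eye works for a single VM, but it helps to have the same check as a script you can rerun after a reboot or a failed enrollment. The helper below is an added example, not code from the page or from Elastic: it parses the `systemctl status` output for the `elastic-agent.service` unit the page's command refers to, confirms the unit is both running and enabled at boot, and reports the unit state when it is not. The two transcripts embedded in it are constructed samples so the script runs offline; with `--live` it queries the real unit on the VM.

```bash
#!/usr/bin/env bash
# Added verification helper (not part of the original page). Assumes the
# Elastic Agent is installed as the systemd unit elastic-agent.service,
# as the page's `systemctl status` command implies.

# Return 0 when a `systemctl status` transcript shows the unit running.
agent_is_running() {
  printf '%s\n' "$1" | grep -q 'Active: active (running)'
}

# Return 0 when the transcript shows the unit enabled at boot, so log
# collection resumes after the VM restarts.
agent_is_enabled() {
  printf '%s\n' "$1" | grep -Eq 'Loaded: loaded \(.*; enabled;'
}

# Extract the unit state word (active / inactive / failed) from the
# transcript; prints an empty string if no Active: line is present.
agent_state() {
  printf '%s\n' "$1" | sed -n 's/^ *Active: \([a-z]*\).*/\1/p' | head -n 1
}

# Constructed sample: a healthy, enabled agent (not real captured output).
SAMPLE_OK='● elastic-agent.service - Elastic Agent
     Loaded: loaded (/etc/systemd/system/elastic-agent.service; enabled; preset: enabled)
     Active: active (running) since Mon 2024-01-01 10:00:00 UTC; 5min ago
   Main PID: 1234 (elastic-agent)'

# Constructed sample: the agent was installed but its process exited.
SAMPLE_FAILED='● elastic-agent.service - Elastic Agent
     Loaded: loaded (/etc/systemd/system/elastic-agent.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Mon 2024-01-01 10:00:00 UTC; 1min ago'

# With --live on the Kali VM, check the real unit; otherwise demonstrate on
# the constructed samples so the script can be run anywhere.
if [ "${1:-}" = "--live" ] && command -v systemctl >/dev/null 2>&1; then
  out=$(systemctl status elastic-agent.service 2>&1 || true)
  if agent_is_running "$out"; then
    echo "elastic-agent is running"
  else
    echo "elastic-agent is NOT running (state: $(agent_state "$out"))" >&2
    exit 1
  fi
  agent_is_enabled "$out" || echo "warning: unit is not enabled at boot" >&2
else
  echo "offline demo: healthy sample state = $(agent_state "$SAMPLE_OK")"
  echo "offline demo: failed sample state  = $(agent_state "$SAMPLE_FAILED")"
fi
```

Run it as `bash check-agent.sh --live` on the VM after enrollment. A running unit only proves the agent process is up; whether it actually reached your deployment is a separate question, and `sudo elastic-agent status` on the VM, together with the agent appearing as Healthy under Fleet in Kibana, is the confirmation to look for before trusting that events are arriving.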
