Elastic SIEM Lab
Installation


Last updated 8 months ago

Step 1: Set up a Free Trial Elastic Account

Start by creating a free Elastic account. Visit the Elastic registration page, sign up, and verify your email. Once verified, log in to the Elastic Cloud console, start the free trial, and create an Elasticsearch deployment by choosing a cloud provider, a region (pick one close to you to keep latency down), and a deployment size; the default settings are fine for this lab. The trial is time-limited, so plan to finish the lab within the trial period. Once the deployment is ready, open Kibana, go to the Security section, and select the Detections tab; this is where alerts raised from the security events you generate later in the lab will appear.

Step 2: Setting up the Agent to Collect Logs

An agent is a software program installed on a device, such as a server or endpoint, to collect and send data to a centralized system for analysis and monitoring. In the context of Elastic SIEM, the agent is crucial for collecting and forwarding security-related events from your endpoints to your Elastic SIEM instance.

To set up the agent on your Kali Linux virtual machine, first log in to your Elastic SIEM instance. Once logged in, navigate to the Integrations page by opening the Kibana main menu at the top left and selecting "Integrations". In the search bar on the Integrations page, type "Elastic Defend" and select it from the results. Elastic Defend is the endpoint security integration: it runs inside Elastic Agent and collects process, network, and file events from the host (and can enforce malware protection), so it is the integration that feeds the Security app. Note that it only works on a Fleet-managed agent, not on an agent run in standalone mode.

On the Elastic Defend integration page, add the integration and follow the instructions provided to install the agent on your Kali VM. The installation process involves downloading the Elastic Agent package and enrolling it with your Elastic deployment. During enrollment you'll need an enrollment token, generated from the Fleet page in Kibana, which links the agent to your specific deployment and agent policy. Treat that token as a credential: anyone who obtains it can enroll a host of their choosing into your policy, so do not paste it into shared notes or commit it anywhere, and revoke it in Fleet once the lab is done. After completing these steps, the agent is installed as a system service and begins collecting logs and forwarding them to your SIEM instance.

  • To ensure the agent is functioning correctly, open a terminal on your Kali VM and run the command:

sudo systemctl status elastic-agent.service

Note: You should see a status message indicating that the service is active (running). This confirms that the agent is properly installed and operational, ready to begin sending data to Elastic SIEM. As a second check, run sudo elastic-agent status on the VM, and in Kibana open Fleet and confirm that the Kali host is listed with the status Healthy; if it shows Offline or Unhealthy, enrollment or outbound connectivity to the deployment is the first thing to look at.
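The same installation done from the Kali terminal instead of by following the on-screen steps, as an added example (this script is not from the lab page or from Elastic's own documentation). It assumes the Fleet Server URL, the enrollment token, and the agent version are taken from Fleet > Add agent in Kibana; the version must match your deployment's version. The checksum step uses the .sha512 file Elastic publishes beside each download, and the https check refuses to send the enrollment token over a plaintext URL.

```shell
#!/bin/sh
# Added example for this lab (not the lab page's own commands): install
# Elastic Agent on the Kali VM from a terminal, enroll it with Fleet, and
# verify the service. Assumed inputs (not from the page): the Fleet Server
# URL and enrollment token shown in Kibana under Fleet > Add agent, and the
# agent version, which must match your deployment's version.

# Build the download URL for a given version/arch, following Elastic's
# published artifact layout for the Linux tarball.
agent_download_url() {
    version="$1"; arch="$2"   # arch is x86_64 or arm64
    echo "https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-${version}-linux-${arch}.tar.gz"
}

# Enrollment sends the token in the request, so refuse any Fleet URL that is
# not TLS-protected: a token leaked in clear lets anyone enroll a host.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing to enroll over non-TLS URL: $1" >&2; return 1 ;;
    esac
}

# Download the tarball, verify it against the .sha512 Elastic publishes next
# to it, unpack it, and run the installer, which registers the systemd
# service and enrolls with Fleet in one step.
install_and_enroll() {
    version="$1"; fleet_url="$2"; token="$3"
    require_https "$fleet_url" || return 1
    arch="$(uname -m)"
    [ "$arch" = "aarch64" ] && arch="arm64"   # Elastic names the ARM build arm64
    url="$(agent_download_url "$version" "$arch")"
    tarball="${url##*/}"
    curl -fsSL -O "$url" || return 1
    curl -fsSL -O "${url}.sha512" || return 1
    sha512sum -c "${tarball}.sha512" || return 1   # abort on a mismatched download
    tar xzf "$tarball" || return 1
    cd "${tarball%.tar.gz}" || return 1
    # --non-interactive skips the "install to /opt/Elastic/Agent?" prompt.
    sudo ./elastic-agent install --non-interactive \
        --url="$fleet_url" --enrollment-token="$token"
}

# The service must be active, and the agent must report itself healthy.
verify_agent() {
    sudo systemctl is-active elastic-agent && sudo elastic-agent status
}

# Only run the real install when explicitly asked, so the functions can be
# sourced or tested without touching the system.
if [ "${RUN_INSTALL:-0}" = "1" ]; then
    install_and_enroll "${AGENT_VERSION:?}" "${FLEET_URL:?}" "${ENROLLMENT_TOKEN:?}" \
        && verify_agent
fi
```

Run it as RUN_INSTALL=1 AGENT_VERSION=<version> FLEET_URL=<fleet url> ENROLLMENT_TOKEN=<token> sh install-agent.sh (the file name is an assumption). The token is passed through the environment rather than written into the script so it does not end up in a file or in your shell history, and the script stops before enrolling if the checksum does not match or the Fleet URL is not https.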

  • More information about the role of agents in Elastic SIEM
  • Install Elastic Defend
  • Install Elastic's prebuilt rules