Featured resource
pluralsight tech forecast
2025 Tech Forecast

Which technologies will dominate in 2025? And what skills do you need to keep up?

Check it out
Hamburger Icon
  • Labs icon Lab
  • Security
Google Cloud Platform icon
Labs

Monitoring and Detection: Elastic Stack

In this lab, you’ll practice ELK stack data analysis. When you’re finished, you’ll have the knowledge to determine potential attacks based on careful analysis of available information, including packetbeat/filebeat log data. .

Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Beginner
Duration
Clock icon 1h 35m
Published
Clock icon Jun 03, 2024

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Getting Started in the Lab Environment

    Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!

  2. Challenge

    Navigating the Kibana Interface

    This challenge will familiarize participants with the ELK stack by exploring the Kibana interface, the visualization and management tool of the Elastic Stack. This challenge provides a guided walkthrough of Kibana's core features, helping you understand how to visualize network traffic data effectively.

  3. Challenge

    Identifying Port/Protocol Mismatches

    This challenge will task participants with reviewing network traffic data to identify discrepancies between port numbers and their expected protocols. Such mismatches may signal misconfigurations, unauthorized services, or malicious activities. Utilizing the pre-collected Zeek/Filebeat dataset, the goal is to discern and scrutinize these anomalies for insight into their origins and implications.

  4. Challenge

    Detecting Beaconing Hosts

    This challenge requires participants to sift through network traffic data to detect hosts demonstrating regular, periodic communication with external servers—behavior indicative of command and control (C2) server interactions. The task of leveraging pre-captured Packetbeat data and simulated beaconing traffic is to identify these clandestine communications, analyze their frequency, and investigate the involved external entities.

  5. Challenge

    Uncovering Data Exfiltration Attempts

    For this challenge participants are charged with examining outbound network traffic to unearth indicators of data exfiltration. By scrutinizing traffic for volume, frequency, and destination anomalies, the objective is to detect unusual patterns potentially indicative of unauthorized data transfers. Using simulated exfiltration activities, the aim is to identify these attempts and comprehend their execution mechanisms.

  6. Challenge

    The Last Challenge

    Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.

Sean Wilkins is an accomplished networking consultant and writer for infoDispersion (www.infodispersion.com) who has been in the IT field for over 20 years working with several large enterprises.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.