Analyze Endpoint Data with Elasticsearch
Offered By: Pluralsight
Course Description
Overview
The endpoint remains one of the primary targets for cyber threat actors. Endpoint monitoring and analysis are increasingly critical for an organization that needs to protect its data and intellectual property. This course will teach you how to monitor and analyze endpoint data using Elasticsearch.
When threat actors go after an organization, the attack can be either targeted or opportunistic in nature. What is clear is that the endpoint is often a primary target. Attackers use a range of techniques to achieve their aims, including phishing, malware and social engineering, to name a few. In this course, Analyze Endpoint Data with Elasticsearch, you will use the Elasticsearch software. Elasticsearch provides powerful search capabilities that give cyber defenders the ability to analyze data, detect threats and investigate security incidents. First, you will be given an overview of the Elasticsearch software. Next, you will discover how to analyze cloud applications, Windows endpoints, and Linux endpoints. Then, you will learn about operating system baselines, anomaly detection and file integrity monitoring. Finally, you will learn to analyze data for malicious logon and process activity. When you are finished with this course, you will have the skills and knowledge to better protect your organization, its data and its intellectual property. This is an intermediate-level course, and you should have a good knowledge of common cyber attack techniques as well as some incident response knowledge.
Syllabus
- Course Overview (2 mins)
- Baseline and Anomaly Detection (13 mins)
- Cloud Application Analysis with Elasticsearch (13 mins)
- Malicious Process Monitoring (12 mins)
- File Integrity Monitoring (9 mins)
- Malicious Logon Monitoring (10 mins)
- Windows Host Analysis (13 mins)
- Linux Host Analysis (12 mins)
- Summary (4 mins)
Taught by
Tim Coakley
Related Courses
- Advanced Commands in Linux (Coursera Project Network via Coursera)
- Amazon Elastic File System (Amazon EFS) Primer (Italian) (Amazon Web Services via AWS Skill Builder)
- Amazon Elastic File System (Amazon EFS) Primer (Japanese) (Amazon Web Services via AWS Skill Builder)
- Amazon Elastic File System (Amazon EFS) Primer (Spanish) (Amazon Web Services via AWS Skill Builder)
- Amazon Lumberyard Primer (French) (Amazon Web Services via AWS Skill Builder)