
SIEM Home Lab Series (Part 3)

Alvaro Martinez Muñoz, System Weakness

This is the third part of a multi-part series on building a SIEM lab and training ‘Purple Team’ skills. I say ‘Purple’ because while the emphasis will be on ‘Blue Team’ activities, we will also need to use ‘Red Team’ techniques to populate our SIEM with relevant data. The series will be broken out into the following parts:

In part one we set up the SIEM using the Elastic Stack. If you are not familiar with Elastic, or you want to follow along exactly as I do, feel free to check that out first.

In part two our primary focus was on understanding and setting up the correct type of event logging in our lab, as well as installing and configuring the Elastic agents that will collect these events and ship them to our SIEM.

In this third part we are going to generate “malicious activities” via the Atomic Red Team framework and analyze them in the SIEM.

Before jumping in, let’s do a quick review of the Kibana dashboard and some of the major features we are going to use.

As of version 7.10 there are five main sections, of which we are going to focus on two: Kibana itself and Security. I am going to show you some of the ins and outs, but I would highly recommend you look at Kibana’s documentation, as it will give much more detail than I can here.

Let’s start by expanding the Kibana section and clicking on ‘Discover’. This can be thought of as the more general-purpose tool for searching all of the data collected into your Elastic Stack. You can check the Discover documentation for a deep dive, but I want to point out a few features that we will use in a bit.


