Chapter 7: Creating a Research Environment

In this chapter, we are going to learn how to set up a research environment in which we can simulate threats and carry out our hunts. We will start by simulating an organizational environment with Windows Server and Windows 10 and establishing a logging policy that centralizes the data in an ELK (Elasticsearch, Logstash, Kibana) environment. Finally, we will close the chapter by reviewing some of the other options available that spare us some of the trouble of building everything from scratch.

In this chapter, we're going to cover the following topics:

  • Setting up a research environment
  • Installing VMware ESXi
  • Installing Windows Server
  • Configuring Windows Server
  • Setting up ELK
  • Configuring Winlogbeat
  • Bonus – adding Mordor datasets to our ELK ...
