Chapter 9: Using Kibana to Pivot Through Data to Find Adversaries
Now that we've learned about the individual apps within Kibana, introduced various query languages, experimented with visualizations and dashboards, and explored security solutions, we can begin to stitch various data sources together to move beyond detection to identify how an adversary got inside the endpoint and what the goal of their intrusion was. This is extremely helpful when looking at operational and strategic intelligence assessments, as discussed in Chapter 1, Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks.
In this chapter, you'll learn how to use timelines in the Security app, use observations to connect network and endpoint data, and create ...