Basic ELK Security Monitoring Lab Setup
How It Works:
- Windows Agent: Collects Windows security events and Sysmon process-tracking events and ships them via Winlogbeat
- Ubuntu Agent: Ships system logs and audit records via Filebeat
- Logstash: Optional processing stage (parsing Windows event XML into fields, filtering out noisy events before indexing)
- Elasticsearch: Stores and indexes all security data
- Kibana: Visualizes the indexed logs with pre-built security dashboards