So we will be picking up where we left off. We have already installed Elasticsearch so if you have not completed that step yet, Part 1 is here. On with Kibana... Step 1 Install Kibana: sudo apt-get update && sudo apt-get install kibana Next we will connect the server to our localhost like we did with Elasticsearch. … Continue reading Elasticsearch Stack Install Part 2 Kibana
Month: February 2018
Elasticsearch Stack Install Part 1 Elasticsearch
So in this blog post I am going to start a series of posts dealing with installing the Elasticsearch stack and then using Winlogbeat to forward Windows event logs and Filebeat to forward bro logs and then finally we will build out some cool visualizations and dashboards. I will be installing the Elasticsearch stack on … Continue reading Elasticsearch Stack Install Part 1 Elasticsearch
Using PowerShell and Python to Analyze Amcache
I wanted to write this post on using PowerShell and Python, specifically PowerForensics and the pandas library to remotely copy the Amcache.hve file from multiple computers and then use amcacheparser.exe to parse all the amcache files and then load them all up into a pandas DataFrame for analysis. What you will need to accomplish this, … Continue reading Using PowerShell and Python to Analyze Amcache
