Elastic

The ELK Stack and its components


Last updated 9 months ago

The ELK Stack

The Elastic Stack is a collection of open-source software components developed by Elastic. The "stack" consists of three core products:

  1. Elasticsearch

  2. Logstash

  3. Kibana

When used together, the Elastic Stack becomes a versatile toolset for a wide range of use cases, including log analysis, application performance monitoring, security analysis, and business intelligence. The components work together, allowing for the simplified collection, processing, and analysis of data from various sources.

Elasticsearch

The central component of the Elastic Stack, it is an open-source, distributed search and analytics engine designed for storing and indexing large volumes of data. Its highly scalable system can store and search various data types. It is built on top of Apache Lucene, an open source search engine library, and provides a simple REST API for indexing, searching, and analyzing.

Logstash

Logstash is a data ingestion and processing tool primarily used to collect, process, and transform data from various sources and prepare it for storage in Elasticsearch. It's designed to handle various data types including logs, metrics, events, and other data. It has a collection of input, filter, and output plugins that can be used to collect data from many sources, parse and transform it, and then send it to various destinations.
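To make the Elasticsearch and Logstash sections above concrete, here is an added example (not code from the original page or from Elastic) that walks a few constructed sshd log lines through the three stages a Logstash pipeline has: an input (the lines), a filter (a regex standing in for a grok pattern that extracts user, source IP and outcome), and an output (the NDJSON body that the Elasticsearch `_bulk` REST endpoint expects). It also builds the Query DSL body for a search that buckets failed logins by source IP. The index name `auth-logs`, the `ES_URL` environment variable, and the sample log lines are assumptions made for this example; nothing is sent anywhere unless `ES_URL` is set.

```python
"""Added example (not from the original page): a tiny Logstash-style
pipeline in Python that parses constructed sshd auth lines, turns them
into JSON documents, and builds the request bodies the Elasticsearch
REST API expects for bulk indexing and for a search.  The index name,
the ES_URL variable and the sample lines are assumptions of the example."""
import json
import os
import re
import urllib.request

# Constructed sample lines in the shape of /var/log/auth.log entries (not real data).
SAMPLE_LOG = [
    "Mar  3 10:15:01 host1 sshd[1021]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Mar  3 10:15:07 host1 sshd[1021]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2",
    "Mar  3 10:16:22 host1 sshd[1030]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2",
    "Mar  3 10:16:30 host1 CRON[1044]: pam_unix(cron:session): session opened for user root",
]

# The "filter" stage: a regex playing the role of a Logstash grok pattern.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_line(line):
    """Return an ECS-flavoured document for an sshd auth line, or None for other lines."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # lines from other programs are dropped by this filter
    return {
        "@timestamp": m["ts"],
        "host": {"name": m["host"]},
        "event": {
            "category": "authentication",
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
        },
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"], "port": int(m["port"])},
        "message": line,
    }


def build_bulk_body(docs, index):
    """NDJSON body for POST /_bulk: an action line followed by each document."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline


def failed_logins_by_ip_query(min_count=2):
    """Query DSL: failed authentication events bucketed by source IP,
    the kind of aggregation a Kibana visualization is built on."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.category": "authentication"}},
            {"term": {"event.outcome": "failure"}},
        ]}},
        "aggs": {"by_ip": {"terms": {"field": "source.ip", "min_doc_count": min_count}}},
    }


def run_pipeline(lines, index="auth-logs"):
    """Input -> filter -> output stages; returns (docs, bulk_body, search_query)."""
    docs = [d for d in (parse_line(line) for line in lines) if d]
    return docs, build_bulk_body(docs, index), failed_logins_by_ip_query()


def post(url, body, content_type):
    """Send a body to the Elasticsearch REST API (only used when ES_URL is set)."""
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": content_type})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    docs, bulk, query = run_pipeline(SAMPLE_LOG)
    print(bulk)
    es = os.environ.get("ES_URL")  # e.g. http://localhost:9200 (assumed, unauthenticated dev node)
    if es:
        print(post(f"{es}/_bulk", bulk, "application/x-ndjson"))
        print(post(f"{es}/auth-logs/_search", json.dumps(query), "application/json"))
```

Run it as-is to see the bulk body that would be indexed; set `ES_URL` to point at a test node to actually index the three parsed events and run the aggregation. The CRON line is dropped by the filter stage, which is the same effect a Logstash `grok` failure plus a `drop` would have, and the documents use ECS-style field names (`event.outcome`, `source.ip`) so that the search query works unchanged against data shipped by Beats.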

Kibana

The interactive graphical and visual front-end powering the Elastic Stack. Users can create interactive dashboards, visualizations, and reports based on data in Elasticsearch. It has the ability to search and filter log events.

Beats

Although Beats is not mandatory, it can be crucial in providing efficient and secure data collection capabilities. Beats are lightweight data "shippers" that collect various types of data from different endpoints and can then forward that data directly to Elasticsearch or Logstash for further processing. They can be tailored for specific use cases like collecting system logs, network traffic data, and metrics from servers and applications.