If you are interested in networking or information security, then you are likely familiar with the port scanning tool nmap. Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

If you're unaware, I warn you that using nmap to port scan IP addresses of infrastructure that you don’t own is most likely illegal in your country. To be safe, scan only your own infrastructure, or get permission to do so. This article assumes that you know how to use nmap.

This tutorial shows you how to export data from Elasticsearch into a CSV file. Imagine that you have some data in Elasticsearch that you would like to open up in Excel and build pivot tables from. This is just one use case where exporting data from Elasticsearch into a CSV file would be useful.

Collecting threat intel has become an important topic in the information security industry. Unfortunately, this topic is mostly discussed behind closed doors. There are several reasons why you might want to import threat intelligence data into Elasticsearch, and several ways that you can put that intelligence to use.

This article is not meant as a copy/paste tutorial on how to run your own threat intel program; rather, it is meant to get you thinking about the many ways you can use Logstash, Elasticsearch, and Kibana to work with threat intelligence.

In the previous article, we introduced Kibana and two simple visualizations. In this installment of the ELK series, we discuss more types of visualizations available in Kibana in detail. The visualizations panel allows for several options, such as the pie chart, line chart, bar chart, tile maps, and more. Let us try them out.

In the previous blog in this ELK stack tutorial series, we reviewed parsing our logs with Logstash and indexing them into Elasticsearch.

With this post, we move on and focus on visualizing the parsed log details using Kibana 4.3, as well as finding useful patterns and information residing in them. We will begin by creating a few basic visualizations.

If you're a Qbox user or you've been reading this blog, then you probably know plenty about what Elasticsearch can do as a stand-alone product. In this article, we present an overview of the entire ELK stack, which is a bundle of open-source search, logging, and visualization technologies that combine into a very powerful analytics platform. Continue reading below to find out how ELK works and how you can leverage it to manage log data.