Cyb3rSn0rlax

b. Installing and configuring Kibana

Installing Kibana is quite straightforward.

Download and Install Debian package manually

$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.8.0-amd64.deb
$ sudo dpkg -i kibana-7.8.0-amd64.deb

Modify Configuration file

Edit Kibana's configuration file, /etc/kibana/kibana.yml, according to your network preferences and leave the rest as it is.

#Listening port
server.port: 5601

#Server's IP
server.host: "192.168.20.222"

#Node Name
server.name: "elk_allinone"
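
The configuration above binds Kibana to a LAN address. As an added example (not part of the original page), this Python check reads a kibana.yml and reports a network-reachable listener or Elasticsearch connection left on plain HTTP. It assumes the flat `key: value` layout of the default file; `PAGE_CONFIG`, `parse_flat_yaml`, `is_loopback` and `audit` are names made up for this example, while `server.ssl.enabled` and `elasticsearch.hosts` are standard Kibana settings that the page does not set.

```python
import ipaddress
import re

# Constructed sample input: the three settings shown on this page.
PAGE_CONFIG = """\
server.port: 5601
server.host: "192.168.20.222"
server.name: "elk_allinone"
"""

def parse_flat_yaml(text):
    """Parse the flat `dotted.key: value` lines used in the default kibana.yml."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.]+)\s*:\s*(.*)$", line)
        if m:  # comment and blank lines do not match the key pattern
            settings[m.group(1)] = m.group(2).split(" #")[0].strip().strip("\"'")
    return settings

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: assume reachable from the network

def audit(text):
    """Return (setting, finding) pairs for a kibana.yml given as text."""
    cfg = parse_flat_yaml(text)
    findings = []
    host = cfg.get("server.host", "localhost")  # Kibana's default bind address
    if not is_loopback(host):
        if host in ("0.0.0.0", "::"):
            findings.append(("server.host", "listening on every interface"))
        if cfg.get("server.ssl.enabled", "false").lower() != "true":
            findings.append(("server.ssl.enabled",
                             f"plain HTTP on {host}:{cfg.get('server.port', '5601')}"))
    # elasticsearch.hosts is a YAML list of URLs; defaults to http://localhost:9200
    for scheme, es_host in re.findall(r"(https?)://([^:/\"'\],\s]+)",
                                      cfg.get("elasticsearch.hosts", "")):
        if scheme == "http" and not is_loopback(es_host):
            findings.append(("elasticsearch.hosts", f"plain HTTP to {es_host}"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit(PAGE_CONFIG):
        print(f"{setting}: {finding}")
```

To audit the installed file, pass `open("/etc/kibana/kibana.yml").read()` to `audit()`; an empty list means none of the three checks fired.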

Starting Kibana

$ sudo systemctl start kibana
$ sudo systemctl status kibana
$ sudo /bin/systemctl daemon-reload
$ sudo /bin/systemctl enable kibana.service

Last updated 4 years ago

Kibana Up and running