28 February 2022

Elastic Security: Detect - Alerts - Rules - Case


 https://www.elastic.co/virtual-events/unlock-your-soc-stop-threats-with-limitless-xdr

Detect - alert rules
video minute 15:20

Cases:
minute 27

External incident management system (e.g. JIRA):
minute 28:31




Elastic XDR & SIEM

As of Sept 2021

ref: https://www.elastic.co/virtual-events/unlock-your-soc-stop-threats-with-limitless-xdr

11 February 2022

Fleet Components (and Elastic Agent)

Elastic Agent and Fleet Server Data Flow

ref: https://www.youtube.com/watch?v=l7ey8g0MNB4&list=PLHWOo1y-i8sm9_sA__ggKXzEuFdzZJTzm&index=5&t=200s

10 February 2022

Elasticsearch subscription type

 https://www.elastic.co/subscriptions

How to set the password for Elastic deployed on Docker

In docker-compose.yml:

services:
  elasticsearch:
    environment:
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD


In the .env file (same directory as docker-compose.yml):

ELASTIC_PASSWORD=changeme


Notes: "changeme" is only a placeholder; use a long generated password and keep .env out of version control and readable only by the owner. ELASTIC_PASSWORD is the bootstrap password for the built-in "elastic" superuser: it is only honoured while that user's password has not been set yet, so editing .env later does not rotate an existing password (use the change-password API for that). It also only has an effect when X-Pack security is enabled (xpack.security.enabled=true), which is off by default on 7.x basic installs.

ref: https://discuss.elastic.co/t/set-password-and-user-with-docker-compose/225075

09 February 2022

Upgrade Elastic on Docker

Elastic on Docker is run with docker-compose.


In docker-compose.yml:

services:
  es31:
    image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}



In the .env file (same directory):

VERSION=7.7.0



When a new release exists:
1. change the version in the .env file
2. stop the container (docker-compose stop es31)
3. start it again (docker-compose up -d es31); compose pulls the new image and recreates the container


Elasticsearch upgrades the data directory in place on start-up, so the data path must be a host mount or named volume, not the container's own filesystem, and once a newer version has written to it you cannot downgrade: take a snapshot first. Rolling upgrades like this are supported between minor versions of the same major (and from the last minor of the previous major); anything else needs a full cluster restart. With a multi-node cluster, repeat the steps above on each node, non-master-eligible nodes first and master-eligible nodes last, the elected master last of all; setting cluster.routing.allocation.enable to primaries before stopping each node and back to null afterwards avoids needless shard copying while the node is down.

07 February 2022

Linux Network namespace

Do your own virtual network container

*marvelous


https://iximiuz.com/en/posts/container-networking-is-simple/
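The "virtual network container" the linked article builds by hand is a network namespace joined to the host by a veth pair. The script below does that with iproute2, which is the same mechanism a container runtime uses underneath. It is an added example, not code from the page or from the article; the namespace name, interface naming scheme and addresses are assumptions, and the namespace functions need CAP_NET_ADMIN (root).

```shell
#!/bin/sh
# Added example (not from the page or the linked article): one network
# namespace wired to the host through a veth pair.  Namespace name, interface
# names and the 10.200.0.0/24 addresses are assumptions for this example.
set -eu

# Derive the two veth interface names for a namespace and check they fit in
# IFNAMSIZ (15 characters), which `ip link add` would otherwise reject.
veth_names() { # veth_names NS -> prints "veth-NS veth-NS-p" (host end, ns end)
    host="veth-$1"
    peer="veth-$1-p"
    [ "${#peer}" -le 15 ] || { echo "namespace name too long for veth: $1" >&2; return 1; }
    printf '%s %s\n' "$host" "$peer"
}

# Create NS, move one veth end into it, address both ends.  Needs root.
netns_up() { # netns_up NS HOST_IP/CIDR NS_IP/CIDR
    names=$(veth_names "$1")
    set -- "$1" "$2" "$3" $names          # $4 = host end, $5 = namespace end
    ip netns add "$1"
    ip link add "$4" type veth peer name "$5"
    ip link set "$5" netns "$1"
    ip addr add "$2" dev "$4"
    ip link set "$4" up
    ip -n "$1" addr add "$3" dev "$5"     # ip -n NS == ip netns exec NS ip
    ip -n "$1" link set "$5" up
    ip -n "$1" link set lo up
}

# Deleting the namespace destroys its veth end, which takes the host end with it.
netns_down() { # netns_down NS
    ip netns delete "$1"
}

# Usage (as root): `sh netns.sh demo`
if [ "${1:-}" = "demo" ]; then
    netns_up box1 10.200.0.1/24 10.200.0.2/24
    ip -n box1 route add default via 10.200.0.1
    ip netns exec box1 ping -c 1 10.200.0.1   # namespace can reach the host end
    netns_down box1
fi
```

Nothing inside the namespace can reach beyond the host end until a route, IP forwarding and NAT are added on the host, which is the point of the exercise: isolation is the default and every path out is something you wired up yourself.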

Attack Chain

ref: https://www.youtube.com/watch?v=XhPWFdTxu4E&t=282s