Lab Objectives
This lab is a walkthrough of my approach to building an Elastic SIEM lab in a home lab environment, with a Kali Linux VM forwarding its data to the SIEM through the Elastic Defend agent. Security events are generated on the Kali Linux VM using Nmap, and the resulting logs are then queried and analysed in the Elastic web interface. To improve visibility and monitoring, a dashboard is created to visualise the security events, and an alert is configured to send a notification when specific security events are detected.