Creating a Dashboard for security events in Kibana


(paul) #1

Hi, I'm working on a dashboard that can display a number of security events, such as logon logoff, time of day from source etc. However I don't fully appreciate the visualise component of Kibana. My question is: has anyone been working on such a dashboard and is willing to share what they know?

To make a start I would like to be able to see:
Access events
Source of request
Host
Time
Calculate number of logon failures
Calculate number of logon successes
View account names in use
View account escalations
Access to file shares
location tile maps
ssh connections

I'm using winlogbeats and filebeats feeds. Currently running v5 of winlogbeats and I can see that the data is searchable but I am not sure how to build the dashboard. If you have any info to help it would be appreciated.

Thank you


(system) #2