Orchestrate Elastic SIEM for training labs

I have a cybersecurity training program that I teach. Currently I teach it live and I use Elastic SIEM. I think it is a great product and not just because of the cost. I deploy Elastic on docker and have it running for the duration of the class which is about 3 months.

I will like to setup on-demand labs that students can start and be able to access the SIEM to investigate specific events in the SIEM. I wonder if there is a way to orchestrate this so that they get a very light version that only includes the specific events and does not require the usual amount of system resources. I understand that as part of the flow the log source will have to generate the actual events and send them to Elastic. My goal is to create light, on-demand, automated, scalable, and cloud-based labs.

Is something like this even possible and if so how would you go about it? FYI i do not mind hiring a freelancer (limited budget) if i can find one with the required skills.

Appreciate the help!

Bumping this!

If you are still on the lookout to hire someone, I would be glad to help you out as I am an experienced Elastic consultant
You can reach out to me on my email here

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.