I'm totally new at ELK and I need to gain knowledge ASAP to start super fast at light speed.
My intention is to use it similarly to, and in comparison with, other solutions such as Splunk, AlienVault, etc.
I don't know if ELK can correlate and generate alerts or if it is just useful for log search. So, could it be a substitute for a SIEM correlator? (Security event manager and correlator)
Are there VMs for VMware already available to download and start playing/learning with?
Videos? For me they are much better than a book because they are more practical and much faster than books.
I don't know if ELK can correlate and generate alerts or if it is just useful for log search. So, could it be a substitute for a SIEM correlator? (Security event manager and correlator)
It probably won't be sufficient for all needs within that area.
Are there VMs for VMware already available to download and start playing/learning with?
I don't know of any VM images, but there are definitely Docker images available on DockerHub.
Videos?
There are numerous videos available on elastic.co and you'll find many tech talks on e.g. YouTube.
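To make concrete what "correlation" means in the SIEM sense the question is asking about (as opposed to plain log search), here is an added example that is not part of the original thread and not Elastic's own code: a small Python correlator that reads JSON documents shaped like what a log pipeline might index into Elasticsearch, and raises an alert when one source IP logs in successfully after several failed attempts within a short window. The field names (`@timestamp`, `src_ip`, `user`, `outcome`), the sample events and the threshold/window values are all constructed assumptions for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, shaped like JSON documents an SSH login pipeline
# might index into Elasticsearch. Field names and values are assumptions
# made for this example, not output of any real system.
SAMPLE_EVENTS = [
    '{"@timestamp": "2016-03-01T10:00:00Z", "src_ip": "198.51.100.7", "user": "root", "outcome": "failure"}',
    '{"@timestamp": "2016-03-01T10:00:20Z", "src_ip": "198.51.100.7", "user": "root", "outcome": "failure"}',
    '{"@timestamp": "2016-03-01T10:00:41Z", "src_ip": "198.51.100.7", "user": "admin", "outcome": "failure"}',
    '{"@timestamp": "2016-03-01T10:01:05Z", "src_ip": "198.51.100.7", "user": "admin", "outcome": "success"}',
    '{"@timestamp": "2016-03-01T10:02:00Z", "src_ip": "192.0.2.33", "user": "alice", "outcome": "failure"}',
    '{"@timestamp": "2016-03-01T10:30:00Z", "src_ip": "192.0.2.33", "user": "alice", "outcome": "success"}',
]


def parse_event(line):
    """Parse one JSON log document and attach a datetime for the timestamp."""
    doc = json.loads(line)
    doc["ts"] = datetime.strptime(doc["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    return doc


def correlate_logins(lines, threshold=3, window=timedelta(minutes=5)):
    """Stateful correlation rule: alert when a source IP produces a successful
    login preceded by at least `threshold` failures inside `window`.

    A single search query can find failures or successes; the correlation
    step is keeping per-source state across events and relating them in time.
    """
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    # Events are processed in time order regardless of arrival order.
    for doc in sorted((parse_event(l) for l in lines), key=lambda d: d["ts"]):
        recent = failures[doc["src_ip"]]
        # Drop failures that fell out of the sliding window.
        while recent and doc["ts"] - recent[0] > window:
            recent.popleft()
        if doc["outcome"] == "failure":
            recent.append(doc["ts"])
        elif doc["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "success_after_repeated_failures",
                "src_ip": doc["src_ip"],
                "user": doc["user"],
                "failures_before_success": len(recent),
                "at": doc["@timestamp"],
            })
            recent.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_logins(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

With the constructed input this yields one alert for 198.51.100.7 (three failures, then a success within 65 seconds); 192.0.2.33 produces none because its single failure is both below the threshold and outside the window by the time the success arrives. The point of the example is the per-source state and time window: that is the part a SIEM correlator provides on top of indexed search, and the part the answer above is saying you should not assume ELK alone covers for every need.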