Setting Up Elastic 8 with Kibana, Fleet, Endpoint Security, and Windows Log Collection

IppSec
41.6K views - 2 years ago
00:00 - Intro: brief descriptions of Elastic, Kibana, Fleet Management, Endpoint Security, and Windows logging
01:40 - Logging into our Elastic box and going to www.digitalocean.com/community/tutorials/how-to-in…
02:30 - Changing the Elastic repo from 7.x to 8.x, then installing Elasticsearch, making sure to grab the default credentials
06:50 - Making sure our Elasticsearch database is online with curl
08:10 - Installing Kibana
08:40 - Generating an enrollment token for Kibana, adding it to the config and starting Kibana
10:15 - Installing NGINX to put in front of Kibana
11:45 - Logging into Kibana and setting up the Fleet integration so we can manage agents
14:00 - Copying the Elastic CA certificate over to the Fleet server, just to make some of our certificates easier
15:00 - Installing Fleet, but adding the --fleet-server-es-ca and --insecure flags
16:50 - Installing the Fleet agent on our Windows box
20:30 - Adding the Endpoint and Cloud Security integration, which has a lot of good alerts for detecting bad things
22:30 - Installing the default Elastic Security endpoint rules; without this the Elastic Agent is not monitoring for malicious events!
26:10 - Adding the Windows integration so our agent collects logs
29:40 - Uh-oh, we aren't getting any data from our agents. Our Elastic Endpoint agent is getting an SSL error when talking to Elasticsearch
31:30 - Editing Kibana to let us edit our default Fleet settings, so we can modify the Elastic config on our agents
34:30 - Viewing data from our agents!
35:06 - Viewing Sysmon logs, viewing running processes
38:30 - Viewing Sysmon logs for DNS requests
42:30 - Looking at the default Elastic alerts for our host. Nothing too special, since it's a new Windows box
Published 2 years ago, on 1401/07/18.
41,678 views