ELK for Security Analysis by Chris Sanders (Networkdefense.io)

ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course; it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.
You’ll learn the basics of:

Elasticsearch: How data is stored and indexed. Working with JSON documents.
Logstash: How to collect and manipulate structured and unstructured data.
Kibana: Techniques for searching data and building useful visualizations and dashboards.
Beats: Use the agent to ship data from endpoints and servers to your ELK systems.

I’ll show you how to build complete data pipelines from ingest to search.

This means you’ll get to watch step-by-step guides for dealing with security specific data types like:

HTTP Proxy Logs
File-Based Logs (Unix, auth, and application logs)
Windows Events & Sysmon Data
NetFlow Data
IDS Alerts
Dealing with any CSV file you’re handed
Parsing unstructured logs, no matter how weird they are

When you walk away from this course, you should be equipped with the skills you need to build a complete IDS alert console, investigation platform, or security analysis lab.

You can view the detailed course syllabus here.
Course Format

ELK for Security Analysis is delivered completely online using recorded video lectures that you can go through at your convenience. It is modeled like a college course and consists of lectures that overview critical concepts, demonstrations where I walk through ELK configuration, and lab exercises when you practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students. The course can be completed at whatever pace is comfortable for you.
Prerequisites

No prior ELK experience is required.

The demonstrations are done on Linux, so a basic understanding of the Linux command line is helpful.

The course is delivered in English.
ELK for Security Analysis includes:

Over 12 hours of demonstration videos. These videos will break down the fundamental concepts of the ELK Components. We’ll discuss key concepts and demonstrate steps you’ll take to ingest, parse, search, and visualize security data.
Hands-on labs to help you develop and test your skills. You’ll complete lab exercises by downloading sample data sets and applying the concepts you’ve learned to build data pipelines. Every data set you’ll interact with is of meaningful security value: Bro/Zeek logs, HTTP proxy logs, firewall logs, Windows event logs, and more.
Participation in our student charitable profit sharing program. A few times a year we designate a portion of our proceeds for charitable causes. AND students get to take part in nominating charities that are important to them to receive these donations.
6 months access to course video lectures and lab exercises. You can extend access later if you need more time.
A Certification of Completion
Continuing Education Credits (CPEs/CEUs)