This presentation will outline some of the highlights of using the Elastic Security platform, and one of the features in the SIEM platform called: Fleet Agents. This demonstration will show you how endpoints that are enrolled in the Fleet server feature can provide actual insights into your critical systems events. Your fleet endpoints will report its status to the fleet server, and from there you can view these events in the Kibana dashboard. Not only that, you will be able to see all of the data streams, detection alerts and events that are coming from your endpoint agents or servers that are enrolled.
Ronnie Watson is an IT Security Analyst studying Threat Intelligence, Threat detection and prevention, and actively engaged monitoring and investigations of security incidents that arise at his job or on the internet. Check out his Github Page: https://github.com/watsoninfosec or say hi to him on Twitter: @secopsgeek.