Intermediate Pro

Open Source SIEM Home-Lab with ELK Stack

Build and Configure an End-to-End SIEM Stack using Elastic, Suricata, and Fleet

Self-Paced by Rajneesh Gupta

Overview

Project Overview: Elastic SIEM Home-Lab

This project walks you through building your own Elastic SIEM environment for centralized log management, threat detection, and visualization. You’ll set up an Elastic Stack (Elasticsearch, Kibana, Logstash, and Fleet), integrate Suricata IDS for network visibility, and onboard multiple systems (Linux, Windows, Docker) for monitoring and analytics.

  • Open-source SIEM solution by Elastic
  • Real-time data ingestion and visualization with Kibana
  • Fleet agent for scalable log collection
  • Suricata IDS integration for intrusion detection
  • Attack simulation using Kali Linux and Hydra/Metasploit
  • Deployable in VMware or Proxmox environment

What You'll Learn

  • Elastic Stack Setup

    Install and configure Elasticsearch, Logstash, and Kibana to collect and visualize security events.

  • Fleet Agent & Endpoint Onboarding

    Deploy Elastic Agent via Fleet to collect logs from Windows, Linux, and Docker-based applications.

  • Suricata IDS Integration

    Connect Suricata IDS to Elastic Stack for real-time network intrusion detection and alerting.

  • Threat Simulation & Detection

    Use Kali Linux with Hydra and Metasploit to simulate attacks and visualize detection patterns in Kibana.

Prerequisites

  • Basic understanding of Linux, networking, and virtualization
  • Virtualization platform: VMware, VirtualBox, or Proxmox
  • Minimum of 4 GB RAM and 2 CPUs recommended for the full lab

Lab Environment

Experience hands-on learning with our carefully designed lab environment that mirrors real-world scenarios.

  • Real-world tools and interfaces
  • Step-by-step guided instructions
  • Interactive lab environment
  • Hands-on practice with live systems

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Threat Hunting Home-Lab(using Velociraptor)
Pro Beginner

Deploy, Configure, and Hunt Threats with Velociraptor Forensics Platform

AWS GuardDuty Findings Ingestion in Splunk using S3 and KMS Encryption
Pro Intermediate

Build a secure pipeline to export GuardDuty security findings to an encrypted S3 bucket and automatically ingest them into Splunk for centralized threat monitoring and analysis.

AWS GuardDuty logs Ingestion in Splunk
Pro Beginner

Build a near real-time event-driven pipeline to stream GuardDuty security findings through EventBridge, SNS, and SQS into Splunk for immediate threat detection and incident response.