In this room, I got hands-on experience using the ELK stack (Elasticsearch, Logstash, and Kibana) for security investigations. I learned how to navigate Kibana, search through log data, and use visualizations to uncover suspicious activity. The exercises showed me how powerful ELK is when it comes to parsing and analyzing huge amounts of log data.
By completing the investigation scenarios, I practiced piecing together what attackers were doing across systems and networks. It gave me a strong introduction to how SOC teams leverage ELK to monitor environments and respond to potential incidents.
