In this chapter, we are going to learn how to set up a research environment in which we can simulate threats and carry out our hunts. We are going to start by simulating an organizational environment with Windows Server and Windows 10, and establishing a logging policy that centralizes the collected data in an ELK environment. Finally, we are going to close this chapter by reviewing some of the other options available that save us some of the trouble of building everything from scratch.
In this chapter, we're going to cover the following topics:
- Setting up a research environment
- Installing VMware ESXi
- Installing Windows Server
- Configuring Windows Server
- Setting up ELK
- Configuring Winlogbeat
- Bonus – adding Mordor datasets to our ELK instance
- The HELK – an open source tool by Roberto Rodriguez
Let's get started!