Faster, More Effective Threat Investigation, Threat Hunting and Reporting with Kibana
Lastline recently integrated its leading network detection and response (NDR) platform with Kibana to significantly improve your threat investigation, threat hunting and reporting capabilities. Using Kibana will help you reduce the time you spend on these activities and accelerate your ability to detect and contain cyberattacks before they disrupt your business.
What is Kibana?
Kibana is an open-source analytics and visualization platform. You can use Kibana to interact with and visualize data stored in Elasticsearch indices.
Kibana makes it easy to understand large volumes of data as well as identify previously unrecognized connections and patterns in data. You can perform advanced data analysis and visualizations such as charts, tables and maps in a simple, browser-based interface. You can also quickly create and share dashboards that update data in real-time.
Lastline’s Data Unleashed
Kibana makes it easy for your security analysts to interact with Lastline’s data so that they can understand what is happening on the network from a threat perspective. Lastline Defender stores 30 days of network and detection data in a cloud-based Elasticsearch index. Network data includes NetFlow, WebRequest, DNS, TLS, Kerberos, and SMB. Detection data includes events generated from Lastline Defender’s file analysis, intrusion detection and prevention system (IDPS), and network traffic analysis (NTA) technologies, as well as intrusions, files, and emails.
Three Use Cases
Lastline Defender’s integration with Kibana supports three primary use cases: threat investigation, threat hunting and reporting:
- Threat Investigation
Kibana integration with Defender gives security analysts the ability to investigate network traffic surrounding intrusion timelines as well as the ability to investigate network traffic for hosts of interest. For example, an analyst might want to identify any hosts that communicated with a suspicious IP address at a specific time range as part of impact assessment. Or an analyst might want to leverage Kibana to further investigate an alert from one of their security tools such as SIEM or endpoint protection to link other activity from across the network.
- Threat Hunting
Using Kibana, security analysts can proactively and iteratively search through network data to detect and isolate advanced threats that have evaded security controls. They have the ability to query network data for outliers and to hunt for certain types of network behaviors that have been associated with threats targeting an organization in the past. For instance, an analyst might want to look at traffic to and from certain countries that the organization doesn’t conduct business with, the hosts that conducted that communication, and any anomalous activity related to these hosts that did not otherwise generate alerts.
- Reporting
Reporting includes the ability to create custom visualizations on aggregated data and to create dashboards. Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to process and extract data, security analysts can create charts that show the trends, spikes and dips that they need to be aware of. A Kibana dashboard is a collection of visualizations, searches, and maps that are typically updated in real time. They offer at-a-glance insights into your data and enable you to drill down into the details when warranted.
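As an added example (not Lastline's code), here is the Elasticsearch request body behind the investigation use case above, "which hosts communicated with a suspicious IP in a time range", with the date-histogram aggregation a reporting chart would use, plus a local check of the same filter on constructed NetFlow records. The index pattern and field names (`@timestamp`, `src_ip`, `dst_ip`) are assumptions, not Lastline's schema.

```python
from datetime import datetime

NETFLOW_INDEX = "netflow-*"  # assumed index pattern, not Lastline's actual name


def hosts_talking_to(suspicious_ip, start, end):
    """Build an Elasticsearch request body: NetFlow records where the
    suspicious IP is on either side of the flow, inside [start, end],
    bucketed by peer host (investigation) and by hour (reporting)."""
    return {
        "size": 0,  # only the aggregations are wanted, not raw hits
        "query": {"bool": {
            "filter": [{"range": {"@timestamp": {"gte": start, "lte": end}}}],
            "should": [{"term": {"src_ip": suspicious_ip}},
                       {"term": {"dst_ip": suspicious_ip}}],
            "minimum_should_match": 1}},
        "aggs": {
            "by_src": {"terms": {"field": "src_ip", "size": 50}},
            "by_dst": {"terms": {"field": "dst_ip", "size": 50}},
            "per_hour": {"date_histogram": {"field": "@timestamp",
                                            "fixed_interval": "1h"}}}}


# Constructed sample records (not real data) so the filter logic can be
# exercised offline without an Elasticsearch cluster.
SAMPLE_FLOWS = [
    {"@timestamp": "2020-06-01T10:05:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},
    {"@timestamp": "2020-06-01T11:40:00Z", "src_ip": "10.0.0.9", "dst_ip": "203.0.113.7"},
    {"@timestamp": "2020-06-02T09:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},  # outside window
    {"@timestamp": "2020-06-01T10:30:00Z", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.2"},  # other peer
]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def match_locally(flows, suspicious_ip, start, end):
    """Apply the same time-window and either-side-IP filter to in-memory
    records; returns the peer hosts the by_src/by_dst buckets would show."""
    lo, hi = _ts(start), _ts(end)
    peers = set()
    for flow in flows:
        if not (lo <= _ts(flow["@timestamp"]) <= hi):
            continue
        if flow["src_ip"] == suspicious_ip:
            peers.add(flow["dst_ip"])
        elif flow["dst_ip"] == suspicious_ip:
            peers.add(flow["src_ip"])
    return sorted(peers)
```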
Seamless Integration Between Lastline Defender and Kibana
Lastline recently integrated Kibana into Lastline Defender. Single-Sign-On integration automatically launches Kibana from the Lastline Defender portal so that there’s no need to install any additional software.
We would love to show you the power of Lastline Defender using Kibana to improve your Threat Investigation, Threat Hunting and Reporting! Just click here for a demo.