Faster, More Effective Threat Investigation, Threat Hunting and Reporting with Kibana

Kibana Dashboard

Lastline recently integrated its leading network detection and response (NDR) platform with Kibana to significantly improve your threat investigation, threat hunting and reporting capabilities. Using Kibana will help you reduce the time you spend on these activities and accelerate your ability to detect and contain cyberattacks before they disrupt your business.

What is Kibana?

Kibana is an open-source analytics and visualization platform. You can use Kibana to interact with and visualize data stored in Elasticsearch indices.

Kibana makes it easy to understand large volumes of data as well as identify previously unrecognized connections and patterns in data. You can perform advanced data analysis and visualizations such as charts, tables and maps in a simple, browser-based interface. You can also quickly create and share dashboards that update data in real-time.

Lastline’s Data Unleashed

Kibana makes it easy for your security analysts to interact with Lastline’s data so that they can understand what is happening on the network from a threat perspective. Lastline Defender stores 30 days of network and detection data in a cloud-based Elasticsearch index. Network data includes NetFlow, WebRequest, DNS, TLS, Kerberos, and SMB. Detection data includes events generated from Lastline Defender’s file analysis, intrusion detection and prevention system (IDPS), and network traffic analysis (NTA) technologies, as well as intrusions, files, and emails.

Three Use Cases

Lastline Defender’s integration with Kibana supports three primary use cases: threat investigation, threat hunting and reporting:

  1. Threat Investigation
    Kibana integration with Defender gives security analysts the ability to investigate the network traffic surrounding an intrusion timeline, as well as the traffic of any host of interest. For example, as part of an impact assessment an analyst might want to identify every host that communicated with a suspicious IP address within a specific time range. Or an analyst might use Kibana to follow up on an alert from another security tool, such as a SIEM or endpoint protection product, and link it to other activity seen across the network.
  2. Threat Hunting
    Using Kibana, security analysts can proactively and iteratively search through network data to detect and isolate advanced threats that have evaded security controls. They have the ability to query network data for outliers and to hunt for certain types of network behaviors that have been associated with threats targeting an organization in the past. For instance, an analyst might want to look at traffic to and from certain countries that the organization doesn’t conduct business with, the hosts that conducted that communication, and any anomalous activity related to these hosts that did not otherwise generate alerts.
  3. Reporting
    Reporting includes the ability to create custom visualizations on aggregated data and to assemble them into dashboards. Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to process and extract data, security analysts can create charts that show the trends, spikes and dips they need to be aware of. A Kibana dashboard is a collection of visualizations, searches, and maps that are typically updated in real time. Dashboards offer at-a-glance insights into your data and let you drill down into the details when warranted.
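To make the first two use cases concrete, the following added example (not Lastline's code or part of the original post) builds the Elasticsearch query bodies an analyst would send for the investigation search ("which hosts talked to a suspicious IP in this window?") and for the hunting aggregation ("how much traffic did each host send to countries we do not do business with?"), then applies the same logic to a handful of constructed NetFlow-style records so the results can be checked offline. The field names (`@timestamp`, `src_ip`, `dst_ip`, `dst_country`, `bytes_out`) are assumptions for illustration; the page does not show Lastline Defender's actual index mapping.

```python
"""Added example: Elasticsearch query bodies for the investigation and hunting
use cases, plus an offline evaluator over constructed sample flows.

Field names are assumed for illustration, not taken from Lastline's real index.
"""
from datetime import datetime

# Constructed sample NetFlow-style documents (not real traffic).
SAMPLE_FLOWS = [
    {"@timestamp": "2020-03-10T09:15:00Z", "src_ip": "10.0.0.5",
     "dst_ip": "203.0.113.7", "dst_country": "US", "bytes_out": 1200},
    {"@timestamp": "2020-03-10T09:40:00Z", "src_ip": "10.0.0.9",
     "dst_ip": "203.0.113.7", "dst_country": "US", "bytes_out": 8000},
    {"@timestamp": "2020-03-10T13:05:00Z", "src_ip": "10.0.0.5",   # outside window
     "dst_ip": "203.0.113.7", "dst_country": "US", "bytes_out": 300},
    {"@timestamp": "2020-03-10T10:02:00Z", "src_ip": "10.0.0.12",
     "dst_ip": "198.51.100.3", "dst_country": "XX", "bytes_out": 45000},
    {"@timestamp": "2020-03-10T10:30:00Z", "src_ip": "10.0.0.12",
     "dst_ip": "198.51.100.4", "dst_country": "XX", "bytes_out": 5000},
    {"@timestamp": "2020-03-10T11:00:00Z", "src_ip": "10.0.0.7",
     "dst_ip": "192.0.2.10", "dst_country": "DE", "bytes_out": 900},
]


def investigation_query(suspicious_ip, start, end):
    """Query DSL: every flow touching suspicious_ip (as source or destination)
    inside the time window. Uses 'filter' so scoring is skipped and the query
    is cacheable, which is what you want for analyst-driven searches."""
    return {
        "query": {"bool": {"filter": [
            {"range": {"@timestamp": {"gte": start, "lte": end}}},
            {"bool": {"should": [{"term": {"src_ip": suspicious_ip}},
                                 {"term": {"dst_ip": suspicious_ip}}],
                      "minimum_should_match": 1}},
        ]}},
        "_source": ["@timestamp", "src_ip", "dst_ip", "bytes_out"],
        "sort": [{"@timestamp": "asc"}],
    }


def investigation_kql(suspicious_ip):
    """Same host filter as a KQL string for Kibana's Discover search bar;
    the time window comes from Kibana's time picker rather than the query."""
    return f'src_ip:"{suspicious_ip}" or dst_ip:"{suspicious_ip}"'


def hunting_query(countries, top_n=50):
    """Query DSL: no hits, only a terms aggregation of internal hosts ordered
    by total bytes sent to the given destination countries."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [{"terms": {"dst_country": sorted(countries)}}]}},
        "aggs": {"by_host": {
            "terms": {"field": "src_ip", "size": top_n,
                      "order": {"total_bytes": "desc"}},
            "aggs": {"total_bytes": {"sum": {"field": "bytes_out"}}},
        }},
    }


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def hosts_talking_to(flows, suspicious_ip, start, end):
    """Offline equivalent of investigation_query: the other endpoint of every
    matching flow, de-duplicated and sorted."""
    lo, hi = _ts(start), _ts(end)
    hosts = set()
    for f in flows:
        if not (lo <= _ts(f["@timestamp"]) <= hi):
            continue
        if f["dst_ip"] == suspicious_ip:
            hosts.add(f["src_ip"])
        elif f["src_ip"] == suspicious_ip:
            hosts.add(f["dst_ip"])
    return sorted(hosts)


def bytes_by_host_to_countries(flows, countries):
    """Offline equivalent of hunting_query's aggregation: [(host, bytes)],
    largest senders first."""
    totals = {}
    for f in flows:
        if f["dst_country"] in countries:
            totals[f["src_ip"]] = totals.get(f["src_ip"], 0) + f["bytes_out"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(hosts_talking_to(SAMPLE_FLOWS, "203.0.113.7",
                           "2020-03-10T09:00:00Z", "2020-03-10T12:00:00Z"))
    print(bytes_by_host_to_countries(SAMPLE_FLOWS, {"XX"}))
```

The two query bodies can be pasted into Kibana's Dev Tools console against the flow index as `GET <index>/_search`; the local helpers exist only so the expected answer on the constructed data (two hosts in the window, one host sending 50,000 bytes to country "XX") can be checked without a cluster.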

Lastline/Kibana Dashboard

Seamless Integration Between Lastline Defender and Kibana

Lastline recently integrated Kibana into Lastline Defender. Single sign-on (SSO) integration launches Kibana directly from the Lastline Defender portal, so there is no need to install any additional software.

We would love to show you the power of Lastline Defender using Kibana to improve your Threat Investigation, Threat Hunting and Reporting!
Teresa Wingfield

As a cyber security evangelist at Lastline, Teresa Wingfield enjoys sharing new perspectives on top security challenges such as SOC efficiency, sophisticated threats, network visibility, and hybrid data center protection. Teresa has more than ten years of security experience at leading companies such as McAfee (cloud and data center security), VMware (mobile security) and Symantec (virtual machine protection and website security). She has also worked at several startups in the endpoint detection and response and compliance fields. Teresa holds an M.S. in Information Technologies from the Massachusetts Institute of Technology.