DEV Community: Raj Kumar Paneru

Simple SIEM Home Lab Using Elastic Cloud

Raj Kumar Paneru — Sun, 16 Mar 2025 05:27:08 +0000

Introduction

As the topic states, this is a simple guide to setting up our very own home lab for SIEM using Elastic Cloud. Here, I explain all the steps I followed to create a functional SIEM environment using Elastic Cloud and a Kali Linux VM. This project helped me explore my cybersecurity journey with hands-on practical knowledge about SIEM.

Prerequisites for This Project

Before diving into the project, we should have the following:

Virtualization software like VirtualBox
An Elastic Cloud Account (Free trial available for 14 days)
Basic familiarity with Linux and virtualization concepts

Tasks Performed

Below are the tasks I performed with descriptions:

1. Setting Up the Elastic Account

Before starting, let's first create a free Elastic account by following the steps below:

If you don't have an account, register for a free account using the following link: Elastic Cloud Registration. Then, sign in to your account.
After signing in, click the Create Deployment button and choose Elasticsearch as the deployment type.
Select a region and deployment size that aligns with your project requirements, then click on Create Deployment.
After a certain time, the configuration finalizes. Click on Continue to proceed.

With that, I am one step closer to my project.

2. Setting Up the Linux VM

Set up the Kali Linux VM by following the official documentation: Kali Virtualization Guide.

3. Setting Up the Agent to Collect Logs from VM

Let's dive into the practical part. In order to effectively monitor security events on our Kali VM, I had to send the logs from my Kali VM to the Elastic instance. For that, I set up an agent. The agent plays a role in collecting and transmitting data from devices to Elastic Cloud for analysis and monitoring.

Steps to Set Up the Agent

First, I logged into my Elastic SIEM instance and navigated to the Integrations page by clicking the Add Integration button at the bottom of the sidebar:

Then, I selected Elastic Defend as the integration:

Next, I clicked on the Add Elastic Defend button at the top-right side of the screen:

Then, I clicked on Install Elastic Agent and selected Linux Tar, then copied the command provided:

After that, I opened my Kali VM, pasted the command into the terminal, and pressed Enter. It took a few minutes to install the Elastic Agent. Now, the agent automatically starts collecting and forwarding logs to my Elastic SIEM instance.

4. Querying for Security Events in the Elastic SIEM

After successfully forwarding the data from the Kali VM to our SIEM instance, it's time to dive into log analysis using the SIEM interface. I followed these steps:

Accessing the Elastic Deployment: Navigate to the Elastic deployment and search for logs in the menu. This helps me access logs obtained from my Kali VM.

Searching for Security Events

Enter a Search Query: I used the search bar to filter logs according to different criteria. For example, to separate logs related to Nmap scanning, I used the query:

   event.action:"nmap"

Execute the Search: After writing the query, I pressed Enter, and after a short delay, it displayed a list of logs related to the Nmap command.

Review Search Results: The results are presented in a structured format, allowing me to explore individual events further by clicking on the three dots adjacent to each event. This helped me examine log details more closely.

By generating and analyzing various types of security events within Elastic SIEM, I can deepen my understanding of how security incidents are identified, investigated, and addressed in real-world environments.

5. Creating a Dashboard to Visualize Events

After analyzing the logs, we can visualize them using the SIEM Dashboard. I created a new dashboard to track the count of security events per second over time. This provided valuable insights into my network's security posture.

6. Creating an Alert

In a SIEM environment, alerts are essential for detecting security threats and responding swiftly. By configuring alerts based on predefined or custom rules, I can effectively track suspicious activities and take necessary actions. This guide walks through creating an alert in Elastic SIEM to detect Nmap scans, ensuring proactive log monitoring and timely notifications.

I started by clicking "Manage Rules" in the Alerts interface. Then, I created a new rule by selecting "Create New Rule". In the "Define Rule" section, I chose "Custom Query" and set the conditions to detect Nmap scan events.

Next, I named the rule "Nmap Scan Detection", added a description, and set the severity level. After that, I selected an appropriate action, such as sending an email, Slack message, or webhook notification. Finally, I clicked "Create and Enable Rule" to activate the alert.

Now, the rule continuously monitors logs for Nmap scan events. If detected, it triggers the configured action.

Conclusion

Setting up this home lab using Elastic SIEM and a Kali VM has been a great learning experience. I successfully configured log forwarding, analyzed security events, created dashboards, and set up alerts for potential threats. This project has strengthened my skills in security monitoring and incident response, giving me practical experience with SIEM tools. I look forward to further refining my knowledge and exploring advanced security analysis techniques.

Daytona_Sample_Project : CareCradle

Raj Kumar Paneru — Fri, 10 Jan 2025 06:08:25 +0000

Inspiration Behind the Project

A few months ago, I stumbled upon an article detailing Nepal’s alarming maternal mortality rate (MMR) of 151 per 100,000 live births. The piece shed light on the struggles faced by women, especially in rural areas like Lumbini and Karnali provinces. It highlighted several heartbreaking realities:

The lack of timely access to accurate information.
A severe shortage of qualified healthcare professionals.
Very entrenched traditional practices, as well as social stigmas.

Now, as I dug deeper into the matter, it was evident just how crucial an issue this is and how very many of the complications could actually be prevented by proper resources. It sparked a desire within me—a need for creating a solution that could truly make a difference. That was when I resolved to build CareCradle —a web-based chatbot.

The Birth of an Idea

The problem seemed daunting at first. How could I, as a developer, address such a significant issue? After brainstorming and exploring various ideas, I decided to build a web app that would act as a digital companion for expectant mothers.

I wanted this app to:

Provide personalized advice tailored to the specific needs of each user.
Offer real-time interactions for quick and accurate responses.

The idea was ambitious but achievable, especially with the power of modern AI tools. With this vision in mind, I embarked on a journey to create CareCradle, an open-source, AI-powered assistant.

Building CareCradle

Choosing the Right Tools

The first step was selecting the technology stack. I wanted something robust, scalable, and developer-friendly. After some research, I decided on:

Daytona: For its intuitive workspace creation and deployment capabilities.
React: To develop an interactive and dynamic user interface.
Tailwind CSS: For a modern and responsive design.
OpenAI's API: For generative AI so as to provide assistance that is specific and in real-time.

The Development Process

1. Setting Up the Foundation

First, I started by setting up the Daytona workspace. The integration of Daytona with modern frameworks made the process extremely smooth. Within minutes, I had my environment ready to start coding.

2. Bringing the Idea to Life

I used React and Tailwind CSS to design an interface that was both user-friendly and visually appealing. The AI-powered backend was the most exciting part. It integrated OpenAI's API, allowing CareCradle to provide tailored advice and instant responses, which was a game-changer for the project.

3. Testing and Iteration

After I completed the initial version, I put it through thorough testing. I had peer and mentor feedback that made me make sure that my app was functional and accessible.

**Impact and Reflections

CareCradle is more than just an app; it is a step toward filling the gap in maternal healthcare. Seeing the positive feedback from the initial users has been very rewarding. Knowing that this tool may potentially save lives and empower women during their pregnancy journey motivates me to keep improving it.

This experience taught me the ability of technology in dealing with real-world problems. It also tried to reemphasize that user understanding and empathy is the key when developing impactful solutions.

Why Daytona?

Due to its ease of use and flexibility, Daytona became the spine of CareCradle's development. Here's why I used Daytona:

Streamlined Development Workflow: Daytona has streamlines workspace creation and deploys, enabling me to focus on building the application rather than the environment in which it runs.

Seamless Integration: It works effortlessly with modern frameworks like React, ensuring a smooth development process.

Scalability: Daytona’s architecture supports scaling the app as its user base grows, which is essential for a project aimed at widespread impact.

Developer-Friendly Tools: Its intuitive setup and rich documentation significantly reduced the time spent troubleshooting, enabling me to bring CareCradle to life faster.

Community Involvement

CareCradle is an open-source project, and I believe in the power of community-driven development. I encourage developers, designers, and healthcare professionals to contribute and collaborate. Whether it's improving the AI model, designing a more intuitive interface, or providing insights from the healthcare field, every contribution can help improve the app's impact.

To get involved, you can:

Visit the GitHub repository.

Fork the repo and submit pull requests with new features or bug fixes.
Share your feedback, ideas, or experiences with the app to help shape its future development.
Spread the word to increase awareness and impact.

Together, we can make a meaningful difference in the lives of expectant mothers in Nepal.

Future Improvements

While CareCradle has already made a significant impact, there is always room for growth. Here are a few features I plan to add in the near future:

Multilingual Support: To ensure that the app can be used by women across different regions of Nepal, I plan to incorporate multi-language support (including Nepali, Maithili, and Bhojpuri).
Real-time Healthcare Consultations: I will partner with local healthcare professionals to enable real-time consultations via the app. This way, mothers can reach doctors at times when they most need them.
Emergency Alert System: I will install an emergency alert system that would alert nearby healthcare facilities in case of an urgent need for medical attention by an expectant mother.

These improvements will enhance the app’s functionality, ensuring it continues to meet the evolving needs of its users.

Conclusion

Building CareCradle has been an incredible journey of learning and growth. It’s a testament to how technology, when used thoughtfully, can drive meaningful change. I hope this project inspires others to tackle pressing social issues and leverage their skills for the greater good.

link to my project