sa_ramp_2.0's People

Contributors

  • brentcox820

sa_ramp_2.0's Issues

Ramp 2.0 EDEN - Security

Hi Team,

Here is the recording from our Eden deep dive session around Security, showcasing how I utilize EDEN and my deployment to create a dynamic demo experience and talk track, so I can pivot and have a conversation with the customer around discovery, building validation of Elastic, and solution building.

Agenda:

  1. Kick-off of all intros to customers, talking about integrations and data ingest and how Elastic is different: the simplicity and key details round
    • One-click integrations and assets, and what we do at Elastic to create the guide for the customers
    • Fleet / Agent management
  2. Security demo via Eden, then moving to my deployment for a custom, more in-depth talk track, so I don't hit permissions issues when talking about rules, actions and more granularity in new features.

https://elastic.zoom.us/rec/share/5wVPHt2g06UHW6l95YZErPwpiHf1V4FruoBZF58fg7IOsKeUYVEfytZnGBtU2ew_.jAR0gIkpYClkSlgO
Passcode: 78hW$6xt

Session 1 | 7.24.2023

Meeting 1:

::Activities and Agenda::

  • Upgrade Elastic Deployment in Cloud to the following configuration
    • Hot Tier: 8GB
    • Machine Learning: 2GB
    • Kibana: 4GB
    • Enterprise Search: 2GB
    • Integrations Server: 2GB

:: Start Collecting Data via AGENT::

  • Create a new Agent Policy
    • Add an integration for Elastic Defend to the newly created Policy
    • Save the Policy and choose to add agents later
  • Add Agent via Fleet main page
    • Choose the new Policy you created
    • Navigate to the Mac tab and copy the last line of code:
sudo ./elastic-agent install --url=https://f2f020c66d8a4fd4aa043885f69316e3.fleet.us-west-2.aws.found.io:443 --enrollment-token=NWJwZmtJa0JqdmZ0RmtjT0lSQno6cEQtUlVpWXNURWlWS0tPT0RKUVZvQQ==
  • Once copied, replace the “install” command with “enroll.”
    • This lets you repurpose the already installed Elastic Agent and start collecting metrics on your Elastic deployment, so we can begin creating some “observability data.”
    • It will look like the line below:
sudo elastic-agent enroll --url=https://f2f020c66d8a4fd4aa043885f69316e3.fleet.us-west-2.aws.found.io:443 --enrollment-token=NWJwZmtJa0JqdmZ0RmtjT0lSQno6cEQtUlVpWXNURWlWS0tPT0RKUVZvQQ==
  • Next, open a new terminal window on your Mac with Cmd + spacebar and type Terminal
    • Once in the terminal, navigate to the /Library/Elastic folder so we can run the above command:
cd /Library/Elastic
  • Now that we are in the Elastic Folder, we can run the above command, enroll the agent, and point the logs and metrics to our elastic cloud deployment.
  • If you still have the Fleet page open, you should see the agent enrollment complete, and then data start flowing.

:: Elastic Agent via POC / POV::

  • As SAs, we will participate in POCs and POVs, in which we assist customers in deploying and setting up the Elastic Agent, not only for primary data collection from their systems but also for cloud environments (AWS, Azure, GCP).
  • The main thing to remember as an SA is that we need to plan the data flowing through the agent via integrations (API or Filebeat). We need to set the customer up for success in how many agents they will need to install on servers (hosts) to support the number of events and logs they plan to ingest.
    • i.e., if a customer is doing a security POC with O365 logs and a Cisco ASA, we need to understand how many events per second are coming in, as the ASA could be noisy and drop events if we only have one agent running the ingest.
      • We will get into this more with integrations, but agent installation is critical knowledge for planning.

:: Elastic Agent via REAL WORLD::

  • Once you get through POC, the agent will be deployed via an MDM service or management tool that will install the downloaded package from the Elastic website and then upload and install it to all the hosts.
  • Once installed, the customer will run a script to run the enroll with a token to the specific Policy they want the hosts to be tied to.
    • Same Method you did with the script via terminal but on a large scale

      ***:: We can discuss this more if the team has questions::***
      

::HOMEWORK::

  1. Ensure your Elastic Agent is connected and sends metrics and logs to your Elastic deployment.
    • Please ensure that Elastic Defend is on the integrations list for the new Policy your agent is connected to and linked to your deployment.
  2. If you are having issues with this, uninstall, reinstall and re-enroll the agent; that resolves the 404 Fleet auth issue caused by the old token.
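The step above that turns the copied Fleet "install" one-liner into an "enroll" command is easy to get wrong by hand (a clipped token or an http URL both end in a failed enrollment). The following shell helper is an added example for this session's notes; it is not code from the issue author or from Elastic. It only assumes the two flags already shown on the page, `--url` and `--enrollment-token`; the Fleet hostname and the token in the sample are constructed placeholders, not real values, and the resulting command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not part of the original issue or of Elastic's own tooling.
# Rewrites a copied Fleet "install" command into the "enroll" form the notes
# describe, after two checks that a careless copy/paste usually breaks:
#   1. the Fleet URL must be https (the token travels over that connection);
#   2. the enrollment token must be well-formed base64 (Fleet hands out
#      base64 tokens; a clipped or line-wrapped token will not enroll).
# The rewritten command is printed, not executed, so this runs anywhere.

# to_enroll_cmd "<copied install command>"
# Prints the equivalent "enroll" command on stdout; returns 1 and prints a
# reason on stderr when either check fails.
to_enroll_cmd() {
  cmd=$1
  # Pull the two arguments the notes care about out of the copied line.
  url=$(printf '%s\n' "$cmd" | sed -n 's/.*--url=\([^ ]*\).*/\1/p')
  token=$(printf '%s\n' "$cmd" | sed -n 's/.*--enrollment-token=\([^ ]*\).*/\1/p')

  # Check 1: only accept an https Fleet URL.
  case "$url" in
    https://*) ;;
    *) echo "refusing: Fleet URL is missing or not https: '$url'" >&2; return 1 ;;
  esac

  # Check 2: base64 alphabet with at most two '=' of padding, and a length
  # that is a multiple of 4; anything else means the token was mangled.
  if ! printf '%s\n' "$token" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
    echo "refusing: enrollment token is missing or not base64" >&2; return 1
  fi
  if [ $(( ${#token} % 4 )) -ne 0 ]; then
    echo "refusing: token length ${#token} is not a multiple of 4 (clipped?)" >&2; return 1
  fi

  # Same rewrite the notes describe: drop "./" and run enroll instead of install.
  printf 'sudo elastic-agent enroll --url=%s --enrollment-token=%s\n' "$url" "$token"
}

# Constructed sample input: hostname and token are made up, not real Fleet values.
SAMPLE_INSTALL='sudo ./elastic-agent install --url=https://example-fleet.invalid:443 --enrollment-token=ZGVtby1pZDpkZW1vLWtleQ=='
to_enroll_cmd "$SAMPLE_INSTALL"
```

Run it as `sh enroll_cmd.sh` with the sample, or pass your own copied line to `to_enroll_cmd`; the printed command is the one to run from /Library/Elastic as the notes describe.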
