Bronk, Chris
Date: 2018-06-22
Date issued: May 2018 (2018-05)
Handle: http://hdl.handle.net/10657/3108

Abstract: Organizations of all sizes are fighting the same security battles while attackers keep changing the threat landscape by developing new tools and targeting victim endpoints. Their attack kill chain and motives, however, have not changed: attacks begin the same way, and the end goal is usually exfiltration of data such as intellectual property or credit card information. This thesis proposes and evaluates the Elasticsearch Stack (ELK), an enterprise-grade logging repository and search engine, as a platform for active threat hunting in a Windows enterprise environment. The initial phases of the thesis address data quality, unsupervised machine learning, and newly developed attack frameworks such as MITRE ATT&CK as prerequisites for the proposed solution. Finally, using publicly known attack kill chain methodologies such as Mandiant's, several attack use cases were developed and tested against the ELK stack to verify that the collected logging was adequate to cover most attack vectors.

Format: application/pdf
Language: eng
Rights: The author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).
Keywords: Elasticsearch; Logstash; Attack kill chain; Threat hunting
Title: Developing an Adaptive Threat Hunting Solution: The Elasticsearch Stack
Type: Thesis
Description: born digital