SOF-ELK® Workshop Labs
Copyright ©2025, Lewes Technology Consulting, LLC. All rights reserved.
Foreword

This site provides the hands-on lab instructions for the SOF-ELK Workshop.
If you like this kind of content and hands-on guided lab material, take a look at SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, where we have 30+ hours of lab material, including an all-day Capstone lab with a massive amount of realistic evidence from a carefully executed attack that simulates a state-level adversary.
Workshop participants will receive a Virtual Machine and other lab-specific files in class. However, most of these labs can also be accomplished with the public version of the SOF-ELK platform, which at this time is v2025-10-10. Outside of the workshop itself, no support is provided for this material.
Enjoy!
Phil Hagen, Lewes Technology Consulting, LLC
SANS Faculty Fellow and FOR572 Course Author
Trademarks
- All content in this workbook ©2025 Lewes Technology Consulting, LLC. All rights reserved.
- SOF-ELK® is a registered trademark of Lewes Technology Consulting, LLC. All rights reserved.