NHS Elastic Stack: Access Control and Log Rotations
Penntech held discussions with the NHS Trust and agreed to implement Elastic Stack (ELK) which consisted of Elastic Search, Beats, Logstash and Kibana.
Penntech held discussions with the NHS Trust and agreed to implement Elastic Stack (ELK) which consisted of Elastic Search, Beats, Logstash and Kibana.
NHS Digital had reported that this particular NHS Trust did not have sufficient Log Rotations in place for their servers.
Penntech held discussions with the NHS Trust and agreed to implement Elastic Stack (ELK) which consisted of Elastic Search, Beats, Logstash and Kibana.
These ELK products were installed onto new Windows 2019 servers and provided the necessary logs for the Trust to have across DHCP, DNS, and Security logs.
The Beats product that was used to distribute the DHCP logs was called Filebeat, as this was able to capture the DHCP log file on the Active Directory servers and push the information contained through to Logstash > Elastic > Kibana.
Winlogbeat was used to push the security logs from the DNS servers to Kibana, via the same pipeline method as Filebeat.
The use of ELK was expanded to analyse data shares within the Trust and assist with share access reporting. Penntech then applied the reported data to lock down the shares to enhance security.
Penntech installed and configured Beats (Winlogbeat and Filebeat) on each file server to push relevant data from the file servers to the dashboard.
A technical report was provided to enable the Trust to understand the works carried out. As a result of Penntech’s technical expertise, the Trust can now self-manage the system internally.
Similar projects have been carried out across UK-wide NHS Trusts
Massive was asked by a client to provide a Cyber Insurance policy. Rather than simply getting a policy they used this request to become compliant with Cyber Essentials.