Milestone 8 ‐ ELK with ansible - ryanm292002/SEC480 GitHub Wiki

  1. Deploy ELK server (using 480-cloner). This doesn't need an explanation as it's been done many times before; I'm just going to clone the Ubuntu blue servers.
  2. Install the Ansible agent.
  3. Spent 2 hours at the beginning of this lab because my blue network couldn't reach the internet, but I was able to successfully reach the internet after adding 8.8.8.8 to the blue1-fw nameserver as well as appending the gateway to the nameservers section of each box.

Let's do milestone 1 (installing the SIEM into the newly segmented blue network of the vCenter infrastructure).

  1. Install necessities on the cloned Ubuntu server
  • ensure Ansible is installed on the Ubuntu server: ansible --version

  • if not: sudo apt-get update, then sudo apt-get install ansible

  • install necessities for Elastic:
    ansible-galaxy install elastic.elasticsearch
    ansible-galaxy install elastic.logstash
    ansible-galaxy install elastic.kibana

  2. Inventory File
  • I could set this up in the Linux inventory server, but I've decided on just making it its own so it has no errors. This was pretty easy, as all that was required was of course just putting the ELK server's IP as well as specifying the ELK user. (screenshot of the inventory file)
  3. GPG key is required in order to install ELK.

  4. Download the remote repository for downloading ELK. (Many other times we've had to install remote repositories of tools because they're not in the default apt repository; once the repository is installed via Ansible we can actually install the components of the ELK stack.)
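As an added example (not the wiki's own playbook), here is one way to do steps 3 and 4 with plain Ansible modules instead of the Galaxy roles: fetch Elastic's signing key into its own keyring, add the repository so that apt trusts only that key for it, then install the three packages. It assumes an inventory group named elkservers and the Elastic 8.x apt channel; adjust both to match your own inventory and version.

```yaml
---
# Added example, not the wiki author's playbook. Assumes an inventory group
# "elkservers" (from the inventory file above), a sudo-capable ELK user, and
# the Elastic 8.x apt channel.
- name: Install the ELK stack from Elastic's apt repository
  hosts: elkservers
  become: true
  vars:
    elastic_keyring: /usr/share/keyrings/elasticsearch-keyring.gpg
    # signed-by= scopes this key to this repo only, so a compromised key for
    # one third-party repo cannot vouch for packages from another.
    elastic_repo: "deb [signed-by={{ elastic_keyring }}] https://artifacts.elastic.co/packages/8.x/apt stable main"
  tasks:
    - name: Ensure apt can fetch over HTTPS and gpg is available
      ansible.builtin.apt:
        name: [apt-transport-https, gnupg]
        state: present
        update_cache: true

    - name: Download Elastic's signing key (ASCII-armored)
      ansible.builtin.get_url:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        dest: /tmp/GPG-KEY-elasticsearch
        mode: "0644"
        # Optional hardening: add checksum: "sha256:<value>" once you have
        # verified the key fingerprint out of band.

    - name: Convert the key into a binary keyring (only if not already there)
      ansible.builtin.command:
        cmd: gpg --dearmor -o {{ elastic_keyring }} /tmp/GPG-KEY-elasticsearch
        creates: "{{ elastic_keyring }}"

    - name: Add the Elastic apt repository
      ansible.builtin.apt_repository:
        repo: "{{ elastic_repo }}"
        filename: elastic-8.x
        state: present

    - name: Install Elasticsearch, Logstash and Kibana
      ansible.builtin.apt:
        name: [elasticsearch, logstash, kibana]
        state: present
        update_cache: true

    - name: Enable and start the ELK services
      ansible.builtin.systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [elasticsearch, kibana, logstash]
```

Run it with ansible-playbook -i <your inventory file> elk.yml; a dry run with --check first shows which hosts would change before anything is installed.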