Skip to content

Lab 2.1: Elastic Setup

Est. Time: 15 minutes

Goals:

  • Set up your Elastic Cloud account
  • Enable MFA

Instructions

  1. Elastic cloud setup is very easy and doesn’t require much work. Start by going to: https://cloud.elastic.co/registration and enter a username and password
    1. You will likely be asked to enter a code sent to your email to verify. Elastic sometimes will use this as your default multifactor authentication.
  2. On the next page you may be prompted to enter name and your reasons and interests for trying Elastic. From my experience these answers don’t necessarily matter.

  3. When asked by Elastic which use case you want to try, select Security with Elasticsearch

    image.png

  4. You may also be asked if you would like your Elastic instance to be Hosted or Serverless. If you want full control over the cluster, select Hosted, but I recommend Serverless for this course.

    image.png

  5. When asked where you want your data to be stored, the default is probably fine. This really only matters if you plan to use this SIEM as production after the course, in which case you want it stored on the cloud service most familiar to you, in your region.

    image.png

  6. Click “Launch”, and Elastic will begin spinning up your instance.

    image.png

  7. You may be provided with deployment credentials for your root account. If you see these, make sure you save them. Not everyone receives that pop-up, in most cases your account is the root account.

  8. This should only take a few minutes and then: boom; your infrastructure is set up.

    CleanShot 2026-02-06 at 10.41.16.png

  9. To navigate to the main page of Elastic, just click the logo in the top left. Right now, you're on the setup guides; but don't worry, we'll do any necessary setup throughout these labs. However if you want to explore the guides later, you can get back to them through the green “Setup guides” button in the top right of the screen.

  10. Now to briefly explore the management side of Elastic. Select your project name on the top left and select “Manage project”.

    CleanShot 2026-02-06 at 10.42.04.png

    1. This takes you to your infrastructure deployment management page. Depending on whether you selected a Serverless or Hosted deployment, you may have different options available to you, and your view will be different.

    2. You can do various things from this page in terms of management, including accessing analytics, setting organizational or security settings, and scaling up your instance should you need to. You likely will not need to do anything here, and shouldn’t mess with any of the infrastructure settings.

    3. Before we go forward with the course let’s secure our account a little since this is a cloud-based application.
    4. NOTE: Depending on your deployment type, Elastic may not allow you to add MFA — This just means it is using your email as the authentication method. If that is the case, skip this step.

    5. Click your user in the top right and select “Profile”.

    6. Scroll down and enable MFA.

  11. But how do I get back to Elastic now!? Simple enough.

    1. Click the Elastic logo in the top left, then select “Open” on your project.

      CleanShot 2026-02-06 at 10.48.44.png

    2. This is where you would also manage multiple deployments if you had them

    3. Now you’re back at your fully functional ElasticSearch cluster.

    image.png

Help and Tips

  • The management interface is where you would manage and configure multiple Elastic deployments. It is also where you would go to scale up or down your instance if you’re on a hosted deployment.
  • While on a trial I highly suggest not tinkering with the architecture; after your trial ends, if you want to continue using it you can either start paying for Elastic or you can request a trail extension. You can request an extension a few ways; the primary being you can click on the trial expired status message and request an extension there.
  • Elastic has two deployment methods: Serverless and Hosted. Serverless is usually provided as an option, and is preferred, but in some cases students have been forced into a Hosted option. The same instructions generally apply, the UI will just look slightly different.

Additional References

  • Deploying Elastic Cloud (Hosted)
    • This is a resource for creating additional deployments. This is not relevant to the class since we will be using a trial of Elastic.