Attack Monitoring Using ELK #outofband #ELK #osquery #filebeat #ElasticSearch

Sunday, May 8, 2016

Attack Monitoring Using ELK #outofband #ELK #osquery #filebeat #ElasticSearch

Me and Himanshu took a one day Null Bachaav session yesterday on Attack monitoring.

It was a good turnout with a mix of people with very little knowledge of SIEM to someone who has been full time working on SIEM products. We covered most of topics that we normally deliver in a 2 day workshop at NullCon. Sharing the presentation below.

Tweet me @prajalkulkarni if you need help with any specific topics.

Some references:

CloudFares #outofband DDOS protection :https://www.youtube.com/watch?v=XiK4643YdOk

Integrate Bro IDS with ELK : https://www.elastic.co/blog/bro-ids-elastic-stack

Osquery in action: https://medium.com/airbnb-engineering/introducing-syslog-to-aws-kinesis-via-osquery-da4fc19de5ce#.55om4ud0g

https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/fayaz

Prajal Kulkarni | Web Security

Sunday, May 8, 2016

Attack Monitoring Using ELK #outofband #ELK #osquery #filebeat #ElasticSearch

No comments :

Post a Comment