YoVDO

My Bro The ELK - Obtaining Context From Security Events

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Incident Response Courses Orchestration Courses Threat Detection Courses ELK Stack Courses

Course Description

Overview

Explore a powerful open-source framework for automating security event analysis and incident response in this Black Hat conference talk. Learn how to integrate ELK (ElasticSearch, Kibana, and LogStash), Bro IDS, and community threat intelligence feeds to obtain business and security context from events in your environment. Discover techniques for collecting, storing, and visualizing data, as well as automating evidence collection for quicker response times. Gain insights into logging, live packing, Logstash configuration, Kibana visualization, threat intelligence integration, and the TARDIS Framework. Follow along as the speaker demonstrates practical applications of these tools and techniques, culminating in the release of an open-source framework designed to streamline security operations and enhance threat detection capabilities.

Syllabus

Intro
Overview
About Me
Security Architecture
Logging
Live Packing
Grow
Logs
Logstash
Kibana
The Data
Critical Stack
Bro Code
Threat Intelligence
Normalization
Conditional Filtering
Log Stash
GeoIP
Translate Plugin
Log Stash Output
GeoIP Map Output
Adding Context
TARDIS Framework
Visualization
Summary
Github


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube