My Bro The ELK - Obtaining Context From Security Events

Explore a powerful open-source framework for automating security event analysis and incident response in this Black Hat conference talk. Learn how to integrate ELK (ElasticSearch, Kibana, and LogStash), Bro IDS, and community threat intelligence feeds to obtain business and security context from events in your environment. Discover techniques for collecting, storing, and visualizing data, as well as automating evidence collection for quicker response times. Gain insights into logging, live packing, Logstash configuration, Kibana visualization, threat intelligence integration, and the TARDIS Framework. Follow along as the speaker demonstrates practical applications of these tools and techniques, culminating in the release of an open-source framework designed to streamline security operations and enhance threat detection capabilities.

Intro
Overview
About Me
Security Architecture
Logging
Live Packing
Grow
Logs
Logstash
Kibana
The Data
Critical Stack
Bro Code
Threat Intelligence
Normalization
Conditional Filtering
Log Stash
GeoIP
Translate Plugin
Log Stash Output
GeoIP Map Output
Adding Context
TARDIS Framework
Visualization
Summary
Github