Taking Event Correlation With You

Explore event correlation in information security and forensics through this Black Hat conference talk. Delve into the challenges of log analysis, behavior detection, record linkage, and expert systems. Learn about Giles, a compiler that creates event correlation engines, and discover how its output can be used to create SQL databases that function as fully-fledged event correlation engines. Understand the advantages of this approach, including the ability to deploy event correlation engines anywhere a database can be placed and access them using any programming language. Follow along with a live demo and gain insights into the performance benefits and engineering wins of this innovative approach to event correlation.

Introduction
Who am I
What is event correlation
What is Giles
Complex predicates
Holistic engines
Dirt
Giles
Facts
Fields
Facts are data
Restoring state
Example
Engineering wins
Giles guarantee
Live demo
Advantages
Performance
Reedy
Summary