by Madhu Akula (@madhuakula) on Wednesday, January 20, 2016
- Technical level
This workshop shows how the ELK stack can be used to replace the traditional SOC. Beyond ELK itself, participants will write their own custom filters and parsers. We also integrate an alerting system for visibility, and use Kibana to build a better understanding of attacks and of the statistics of infrastructure resources.
At the end of the workshop participants receive customized templates, configs and best practices to deploy in production environments. The workshop benefits everyone from individuals to entrepreneurs.
As an internal DevOps/network engineer or member of an incident response team, I want to build an in-house, free and open-source centralized visualization and attack-monitoring dashboard that correlates the logs from various devices (firewalls, routers, other security appliances) and servers and shows real-time analysis using the ELK stack. Even if you manage to build such an inventory, the other big challenge is maintaining such a huge volume of data and keeping it updated. I would like to solve this problem by providing statistics and visual representations of the inventory, and also intelligent recommendations for future threats.
It includes:
- Understanding problems with traditional logging
- Introduction to the ELK stack (Elasticsearch, Logstash, Kibana)
- Writing custom parsers using grok filters and scripts
- Setting up Logstash to forward logs from different sources
- Correlating the logs and centralized management
- Elasticsearch clustering and configuration
- Advanced custom plugins (Head, HQ, BigDesk, etc.)
- Configuring and setting up Kibana 3 and Kibana 4
- Creating dashboards with custom queries and visualizations
- Building a better understanding of infrastructure and attacks
- Alerting for certain patterns and events
- Best practices and production deployment tips
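The two list items on custom grok parsers and pattern-based alerting can be illustrated outside Logstash. The following Python script is an added example, not material from the workshop or code from the Elastic projects: it expands a grok-style pattern (using a small hand-written subset of the patterns Logstash ships) into a regular expression, parses constructed sshd log lines with it, and raises an alert when one source IP produces a threshold of failed logins inside a time window, which is the logic one would otherwise express as a Logstash grok filter plus an alerting rule. The log lines, the pattern subset, the `Failed password` line format and the threshold values are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hand-written subset of the grok pattern library (the real Logstash patterns are
# larger and stricter; these are simplified for the example).
GROK_PATTERNS = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOSTNAME": r"[A-Za-z0-9._-]+",
    "USER": r"[A-Za-z0-9._-]+",
    "POSINT": r"\d+",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "GREEDYDATA": r".*",
}

# Matches grok references such as %{IP:src_ip} or %{POSINT}.
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> "re.Pattern[str]":
    """Expand %{SYNTAX:SEMANTIC} references into a compiled regex with named groups.

    Text outside the references is left untouched, so ordinary regex syntax
    (escaped brackets, optional groups) can be mixed in, as in a Logstash grok filter.
    """
    def expand(match: "re.Match[str]") -> str:
        syntax, semantic = match.group(1), match.group(2)
        body = GROK_PATTERNS[syntax]  # KeyError here means an unknown pattern name
        return f"(?P<{semantic}>{body})" if semantic else f"(?:{body})"
    return re.compile(GROK_REF.sub(expand, pattern))


# Grok pattern for OpenSSH "Failed password" lines (assumed format; the optional
# "invalid user " prefix appears when the account does not exist on the host).
SSH_FAILED_PATTERN = (
    r"%{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host} sshd\[%{POSINT:pid}\]: "
    r"Failed password for (?:invalid user )?%{USER:user} from %{IP:src_ip} "
    r"port %{POSINT:port} ssh2"
)
SSH_FAILED = grok_to_regex(SSH_FAILED_PATTERN)

# Constructed sample log lines (not from any real system).
LOG_LINES = [
    "Jan 20 10:15:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2",
    "Jan 20 10:15:03 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51823 ssh2",
    "Jan 20 10:15:04 web01 sshd[2235]: Accepted publickey for deploy from 192.0.2.10 port 40112 ssh2",
    "Jan 20 10:15:06 web01 sshd[2237]: Failed password for invalid user test from 203.0.113.7 port 51824 ssh2",
    "Jan 20 10:15:09 web01 sshd[2239]: Failed password for invalid user oracle from 203.0.113.7 port 51825 ssh2",
    "Jan 20 10:15:12 web01 sshd[2241]: Failed password for root from 203.0.113.7 port 51826 ssh2",
    "Jan 20 10:16:40 web01 sshd[2250]: Failed password for invalid user guest from 198.51.100.4 port 60001 ssh2",
]


def parse_events(lines, regex=SSH_FAILED):
    """Apply the grok-derived regex to each line; return the fields of the lines that match."""
    events = []
    for line in lines:
        match = regex.match(line)
        if match is None:
            continue  # Logstash would tag such a line with _grokparsefailure
        fields = match.groupdict()
        # Syslog timestamps carry no year; only relative times matter here (year defaults to 1900).
        fields["timestamp"] = datetime.strptime(" ".join(fields["timestamp"].split()), "%b %d %H:%M:%S")
        events.append(fields)
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return {src_ip: count} for sources with >= threshold failures inside any sliding window."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["src_ip"]].append(event["timestamp"])
    alerts = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, current in enumerate(times):
            # Slide the window start forward until the window fits within window_seconds.
            while (current - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(ip, 0):
                alerts[ip] = count
    return alerts


if __name__ == "__main__":
    for ip, count in detect_bruteforce(parse_events(LOG_LINES)).items():
        print(f"ALERT: {count} failed SSH logins from {ip} within 60 seconds")
```

Run as-is it reports one alert for 203.0.113.7 (five failures in eleven seconds) and none for the single failure from 198.51.100.4; the `Accepted publickey` line is skipped because it does not match the grok pattern, which is the same outcome as a `_grokparsefailure` tag in Logstash. In a real deployment the pattern would live in a Logstash `grok` filter and the windowed count would be a Kibana or alerting query over the parsed `src_ip` field; the script only makes the two steps visible side by side.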
Participant requirements:
- Bring your laptop with admin privileges.
- You will need at least 20 GB of free space for virtual machines.
- The laptop should have a working wireless connection.
- Your laptop should be capable of running VirtualBox.
Madhu Akula is a security researcher, chapter lead and regular speaker at null - The Open Security Community. He has contributed to the open source community and found several severe vulnerabilities in ntopng, OCS-NG, OpenDocMan, WordPress and its plugins, among others. He is listed by Google, Microsoft, Yahoo, LinkedIn, Adobe, AT&T, Cisco, BlackBerry and more than 100 large companies for finding security vulnerabilities, and won first prize in the DevOps Hackathon conducted by InMobi among 200 teams. He has good experience in network and web application security and has worked in a variety of areas. He has delivered training for the Indian Navy, Qatar MOI and Oracle University, and has trained more than 3000 people in ethical hacking through various workshops and trainings.
For more details: https://in.linkedin.com/in/madhuakula