Practical Security Monitoring with ELKStack

Understand the basics of the ELK stack and learn how to build a fully functional opensource SIEM using the ELK stack and few other opensource tools

Practical Security Monitoring with ELKStack

  1. Contents
     • Why continuous security monitoring
     • Intro to ELK Stack
     • Install Elasticsearch and Cerebro
     • Install Kibana and create dashboards
     • Install Logstash and create config files
     • Install filebeat agent and forward logs
  2. INTRODUCTION TO CONTINUOUS SECURITY MONITORING
  3. Security Systems In Use
     • Firewall
     • Antivirus software
     • Web application firewall (WAF)
  4. SIEM
  5. "In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware." (Wikipedia, SIEM)
  6. The general perception is that setting up a SIEM is a very expensive exercise; however, with the right knowledge and skill it can be done at a fraction of the cost.
  7. Functions of a SIEM (diagram): multiple log sources (Logs, Logs, Logs, Logs) → Log Aggregator → Log Broker → Correlation rules → Storage → Visualization
  8. Continuous Security Monitoring
     • End point security monitoring
     • Network security monitoring
  9. PRACTICAL SECURITY MONITORING WITH ELK STACK
  10. Functions of a SIEM (same diagram as slide 7): multiple log sources (Logs, Logs, Logs, Logs) → Log Aggregator → Log Broker → Correlation rules → Storage → Visualization
  11. Elastic Stack vs Commercial SIEM
     • Elastic Stack: free, with paid support features; outstanding visualizations; advanced log enrichments; capable of handling high volume
     • Commercial SIEM: licensed on volume, log sources and events per second; limited log enrichment; high volume = high cost
  12. Minimum Hardware Requirements
     • RAM: 8GB
     • Storage: 40GB
     • 2 network interfaces
     • CPU: 64-bit 2.0+ GHz processor or higher
  13. ELASTICSEARCH
  14. Install Elasticsearch
        #sudo dpkg -i elasticsearch-6.0.0.deb
     Config file locations: Elasticsearch has three configuration files:
     • elasticsearch.yml for configuring Elasticsearch
     • jvm.options for configuring Elasticsearch JVM settings
     • log4j2.properties for configuring Elasticsearch logging
  15. Elasticsearch
     • Distributed, real-time data store, real-time analysis and full-text search engine
     • Opensource
     • Highly scalable
  16. Indices, Shards and Replicas
     • An index is stored on a node, which is a part of a cluster
     • Indices are broken into shards
     • Each shard is either a primary or a replica
     • Each log item is a document that contains fields and values
  17. CEREBRO
  18. Cerebro
     • Cerebro is an opensource Elasticsearch web admin tool
     • Displays cluster health
     • Makes index management easy
  19. Install Cerebro
        #sudo unzip cerebro-0.7.1.zip -d /opt
        #sudo mv /opt/cerebro-0.7.1/ /opt/cerebro/
     Create a user for cerebro
        #sudo useradd cerebro
     Give permissions for the user
        #sudo chown -R cerebro: /opt/cerebro/
     Create a service for cerebro
        #sudo cp cerebro.service /etc/systemd/system
        #sudo systemctl daemon-reload
        #sudo systemctl enable cerebro.service
        #sudo service cerebro start
  20. KIBANA
  21. Install Kibana
        #sudo dpkg -i kibana-6.0.0-amd64.deb
     Enable kibana service
        #sudo systemctl enable kibana.service
     Start kibana service
        #sudo service kibana start
  22. LOGSTASH
  23. Install Logstash
        #sudo dpkg -i logstash-6.2.1.deb
     Config file: jvm.options
  24. Logstash Config File Format
        input {
        }
        filter {
        }
        output {
        }
  25. Logstash Config File Format
        input {
          stdin { codec => "json" }
        }
        filter {
          if [event_id] == 123 {
            drop { }
          }
        }
        output {
          stdout { codec => rubydebug }
        }
  26. THANK YOU
  27. FOLLOW US ON /econIntconference @econ_int @int.econ
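The deck's slides 24 and 25 show the three-section input/filter/output layout with a stdin source and a single drop rule. The pipeline below is an added example (not from the slides) that applies the same layout to the Filebeat-to-Elasticsearch flow the deck builds: it receives events from the Filebeat agent, parses syslog lines, drops noise, tags failed SSH logins for a Kibana dashboard, and writes to the local Elasticsearch node. The port, the field names produced by grok, the CRON/sshd program names and the index name are assumptions.

```conf
# Added example pipeline (not part of the original slides).
input {
  beats {
    port => 5044          # Filebeat ships events here (assumed port)
  }
}

filter {
  # Parse classic syslog lines (e.g. from /var/log/auth.log) into fields
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    tag_on_failure => [ "_grokparsefailure" ]
  }

  # Use the timestamp from the log line, not the time Logstash received it
  date {
    match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }

  # Drop noisy events, the same pattern slide 25 shows with event_id == 123
  if [syslog_program] == "CRON" {
    drop { }
  }

  # Tag failed SSH logins so a Kibana dashboard can filter on the tag
  if [syslog_program] == "sshd" and [syslog_message] =~ /Failed password/ {
    mutate { add_tag => [ "ssh_auth_failure" ] }
  }
}

output {
  elasticsearch {
    hosts => [ "http://localhost:9200" ]   # the single-node install from slide 14
    index => "syslog-%{+YYYY.MM.dd}"       # one index per day (assumed name)
  }
}
```

Events that fail the grok match keep the raw message and carry the _grokparsefailure tag, so unparsed sources are visible in Kibana rather than silently lost.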