Vincent Maury
Solutions Architect
End-to-End Security Analytics
with the Elastic Stack
Is security a love killer?
Let’s hunt!
Foundation for Effective Security Analysis (1/2)
• Collect all parts of the puzzle
• Normalize for aggregation and correlation across sources
• Enrich to extend attributes available for analysis
• Index data for fast search and analytics
Pipeline: Collect → Normalize → Enrich → Index
What Are Beats?
Lightweight data shippers for *nix systems, macOS and Windows. Monitor anything!
• Packetbeat: network traffic (I/O), processes, TLS, HTTP payloads, DNS
• Metricbeat: metrics, processes, state of services, PaaS modules
• Auditbeat: Unix audit daemon, file integrity, processes & users
• Filebeat: file shipper, osquery integration
• Winlogbeat: Windows events, AD activity, Remote Desktop, Windows Firewall, Sysmon integration, inc MSSQL…
• Heartbeat: TCP/UDP, ICMP, HTTP, expired TLS certificates
• Journalbeat: systemd logs
Data Enrichment
Threat intelligence:
• Reputation information
• Spammers (Spamhaus)
• TIP feeds (STIX/TAXII)
• Abuse.ch
• Top N websites (whitelist)
Geo IP information:
• Country, State, …
• Postal code
• Geo fence
• ISP
• ASN
Other information:
• User Agent
• Network model
• CMDB
• AD (user group…)
• DNS (and reverse)
Normalization and Enrichment Using Logstash
Inputs: Beats, JDBC, TCP, UDP, HTTP, …
Sources: network / security data, syslog servers, infra / app data, IoT / sensors
Filters: extract fields, geo enrich, lookup enrich, DNS lookups, pattern matching, ArcSight codec, …
Outputs: Elasticsearch, Kafka, RabbitMQ, RDBMS, …
Persistent disk-based queues; centralized configuration management
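The "Data Enrichment" and Logstash slides above list the filter steps (extract fields, geo enrich, lookup enrich) without showing what an enriched event looks like. The following is an added illustration in plain Python, not Logstash configuration and not code from the presentation: it runs those steps over a few constructed Apache/nginx-style access log lines. GEO_ASN and BAD_IPS are tiny constructed stand-ins for a MaxMind-style GeoIP/ASN database and a threat-intel feed, TOOL_MARKERS is a crude stand-in for a real user-agent parser, and the field names follow the Elastic Common Schema convention as an assumption, not something the slides prescribe.

```python
"""Normalize -> enrich over access-log lines (added example; constructed data)."""
import ipaddress
import re
from datetime import datetime, timezone

# Combined log format with a trailing user agent (the grok/extract-fields step).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample input; documentation/test address ranges only.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /login HTTP/1.1" 200 1043 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/77.0"',
    '198.51.100.23 - - [10/Oct/2019:13:55:40 +0000] "POST /api/pay HTTP/1.1" 403 0 "-" '
    '"python-requests/2.22.0"',
    '10.0.0.5 - - [10/Oct/2019:13:55:41 +0000] "GET /health HTTP/1.1" 200 12 "-" "kube-probe/1.15"',
    "garbage line the pattern will not match",
]

# RFC 1918 plus loopback, checked explicitly: Python's is_private also flags
# documentation ranges such as 203.0.113.0/24, which would hide the lookups below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed GeoIP/ASN lookup keyed by network (stand-in for a MaxMind database).
GEO_ASN = {
    ipaddress.ip_network("203.0.113.0/24"): {"country": "FR", "asn": 64500, "org": "EXAMPLE-ISP-A"},
    ipaddress.ip_network("198.51.100.0/24"): {"country": "NL", "asn": 64501, "org": "EXAMPLE-HOST-B"},
}
# Constructed threat-intel feed: indicator -> (provider, type). Stand-in for an Abuse.ch/TIP feed.
BAD_IPS = {"198.51.100.23": ("constructed-feed", "scanner")}
# Assumed keyword markers for scripted clients (not a real user-agent parser).
TOOL_MARKERS = ("python-requests", "curl/", "wget/", "go-http-client", "kube-probe", "sqlmap", "nikto")


def parse_line(line):
    """Extract fields. Unparseable lines are kept and tagged, never silently dropped."""
    m = LOG_RE.match(line)
    if not m:
        return {"event": {"original": line}, "tags": ["_grokparsefailure"]}
    d = m.groupdict()
    ts = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "source": {"ip": d["ip"]},
        "http": {"request": {"method": d["method"]}, "response": {"status_code": int(d["status"])}},
        "url": {"path": d["path"]},
        "user_agent": {"original": d["ua"]},
        "event": {"original": line},
        "tags": [],
    }


def enrich_geo_asn(ev):
    """Geo enrich: country and ASN for external addresses; internal ones are marked, not looked up."""
    ip = ipaddress.ip_address(ev["source"]["ip"])
    if any(ip in net for net in INTERNAL_NETS):
        ev["source"]["geo"] = {"scope": "internal"}
        return ev
    for net, info in GEO_ASN.items():
        if ip in net:
            ev["source"]["geo"] = {"country_iso_code": info["country"]}
            ev["source"]["as"] = {"number": info["asn"], "organization": {"name": info["org"]}}
            return ev
    ev["tags"].append("geo_lookup_failed")
    return ev


def enrich_threat_intel(ev):
    """Lookup enrich against the indicator list; a hit is tagged so alerting can key on it."""
    hit = BAD_IPS.get(ev["source"]["ip"])
    if hit:
        ev["threat"] = {"indicator": {"ip": ev["source"]["ip"], "provider": hit[0], "type": hit[1]}}
        ev["tags"].append("threat_match")
    return ev


def enrich_user_agent(ev):
    """Classify the client as browser, tool or unknown to separate scripted traffic."""
    ua = ev["user_agent"]["original"].lower()
    if any(marker in ua for marker in TOOL_MARKERS):
        ev["user_agent"]["device_class"] = "tool"
    elif ua.startswith("mozilla/"):
        ev["user_agent"]["device_class"] = "browser"
    else:
        ev["user_agent"]["device_class"] = "unknown"
    return ev


def process(lines):
    """Run the chain; parse failures pass through untouched so they can be reviewed later."""
    out = []
    for line in lines:
        ev = parse_line(line)
        if "_grokparsefailure" not in ev["tags"]:
            ev = enrich_user_agent(enrich_threat_intel(enrich_geo_asn(ev)))
        out.append(ev)
    return out


if __name__ == "__main__":
    for ev in process(SAMPLE_LOGS):
        print(ev.get("source", {}).get("ip", "-"), ev["tags"], ev.get("source", {}).get("geo"))
```

Two choices matter for a security pipeline: lines the pattern cannot parse are tagged and kept rather than discarded (a parser failure during an incident is exactly the event you want to see), and internal addresses are marked instead of being run through the external-reputation lookups, which would otherwise produce misleading "unknown geo" noise.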
Foundation for Effective Security Analysis (2/2)
• Analyze using machine learning (behavioral approach)
• Alert on anomalies
• Investigate at scale
Pipeline: Index → Analyze → Alert → Investigate
Temporal and population analysis
• Temporal: when something behaves like itself (an entity compared with its own history)
• Population: when something behaves like its peers (an entity compared with similar entities)
(chart: daily activity, Monday to Friday)
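The slide states the two questions but not how the verdicts differ. The block below is an added example in plain Python; it is not the presentation's code and not Elastic's machine-learning implementation. It scores constructed per-user daily counts two ways, against the user's own earlier days (temporal) and against the other users on the same day (population), using robust z-scores (median and MAD) with a fixed cutoff, a deliberate simplification of a real ML job. THRESHOLD, MIN_HISTORY and the COUNTS data are assumptions made for the example.

```python
"""Temporal versus population anomaly scoring (added example; constructed data)."""
from statistics import median

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]

# Constructed: failed-login counts per user, Monday to Friday.
COUNTS = {
    "alice": [3, 2, 4, 3, 3],
    "bob": [5, 6, 4, 5, 48],       # spikes on Friday against his own history
    "carol": [2, 3, 2, 2, 3],
    "dave": [60, 58, 62, 61, 59],  # always high: normal for himself, an outlier among peers
    "erin": [4, 3, 3, 4, 4],
}

THRESHOLD = 3.5   # robust-z cutoff; an assumption for the example
MIN_HISTORY = 3   # days of history required before a temporal verdict is attempted


def robust_z(value, reference):
    """(value - median) / (1.4826 * MAD); the constant makes MAD comparable to a standard deviation.
    A flat reference (MAD == 0) gets a unit scale so a single changed value still scores."""
    med = median(reference)
    mad = median(abs(x - med) for x in reference)
    scale = 1.4826 * mad if mad > 0 else 1.0
    return (value - med) / scale


def temporal_anomalies(counts, day_index, threshold=THRESHOLD):
    """Each entity against its own earlier days. Returns {entity: score} for those over threshold."""
    flagged = {}
    for entity, series in counts.items():
        history, today = series[:day_index], series[day_index]
        if len(history) < MIN_HISTORY:
            continue  # too little baseline: no verdict rather than a noisy one
        z = robust_z(today, history)
        if abs(z) >= threshold:
            flagged[entity] = round(z, 2)
    return flagged


def population_anomalies(counts, day_index, threshold=THRESHOLD):
    """Each entity against every other entity on the same day."""
    today = {entity: series[day_index] for entity, series in counts.items()}
    flagged = {}
    for entity, value in today.items():
        peers = [v for e, v in today.items() if e != entity]
        z = robust_z(value, peers)
        if abs(z) >= threshold:
            flagged[entity] = round(z, 2)
    return flagged


def daily_report(counts, day_index):
    """Both views side by side: an entity can be normal in one and anomalous in the other."""
    return {
        "day": DAYS[day_index],
        "temporal": temporal_anomalies(counts, day_index),
        "population": population_anomalies(counts, day_index),
    }


if __name__ == "__main__":
    for i in range(len(DAYS)):
        print(daily_report(COUNTS, i))
```

Running it shows why both views are needed: dave never trips the temporal check because 59 failures is normal for him, yet he is flagged by the population check every day, while bob is invisible to the population check until Friday, when both checks fire. Median and MAD are used rather than mean and standard deviation so that one extreme day does not inflate the baseline it is being compared against.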
Integrating Alerts with Other Systems
Alerting feeds:
• SOAR*
• Security applications
• SDN switches
• Messaging services
• Issue tracking services
*SOAR: Security Orchestration and Automated Response
Demo platform – payments.swiftcrypto.com
Beats → Logstash (enrichment: ModSecurity, bad IPs, GeoIP, ASN, User Agent, CT, vacations) → Elasticsearch → Machine Learning → Alerting → Logstash → Slack
James Spiteri
DEMO
Wrap up
1. Captured data from everywhere (network, host, security devices, threat intel…)
2. Enriched (geo, security, user)
3. Displayed
4. Analyzed (static and learning approaches)
5. Alerted (Notification & ticket)
6. Reacted (IP block)
7. Investigated
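The alerting slide and steps 5 and 6 of the wrap-up (notification and ticket, then an IP block) describe an automated response path without the guardrails it needs. The block below is an added example, not code from the talk and not a SOAR product API: a small dispatcher that turns an anomaly alert into Slack, ticket and block actions, but never auto-blocks internal or allowlisted addresses, requires corroboration by a threat-intel match before blocking on an anomaly alone, and suppresses repeats of the same alert key inside a window. The 75 cutoff follows the common convention of calling scores of 75 to 100 critical; ALLOWLIST, SUPPRESS_SECONDS and the alerts are constructed.

```python
"""Guardrails between an anomaly alert and an automated response (added example; constructed data)."""
import ipaddress
from dataclasses import dataclass, field

# Constructed allowlist, e.g. the office egress IP or a top-N partner address.
ALLOWLIST = {"203.0.113.250"}
SUPPRESS_SECONDS = 900   # assumed repeat-alert window
CRITICAL = 75.0          # assumed cutoff: scores 75-100 treated as critical

# RFC 1918 plus loopback, checked explicitly because Python's is_private also
# flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Alert:
    key: str        # dedup key, e.g. "anomaly:source.ip:198.51.100.23"
    source_ip: str
    score: float    # anomaly score, 0-100
    ti_match: bool  # corroborated by a threat-intel hit on the enriched event?
    ts: int         # epoch seconds


def blockable(alert):
    """Only external, non-allowlisted, corroborated, critical alerts may trigger a block."""
    ip = ipaddress.ip_address(alert.source_ip)
    if any(ip in net for net in INTERNAL_NETS) or alert.source_ip in ALLOWLIST:
        return False
    return alert.ti_match and alert.score >= CRITICAL


@dataclass
class Router:
    last_seen: dict = field(default_factory=dict)  # alert key -> timestamp last dispatched

    def route(self, alert):
        """Return (action, argument) pairs; an empty list means the alert was suppressed."""
        prev = self.last_seen.get(alert.key)
        if prev is not None and alert.ts - prev < SUPPRESS_SECONDS:
            return []
        self.last_seen[alert.key] = alert.ts
        actions = [("slack", f"{alert.key} score={alert.score:.0f}")]  # always notify
        if alert.score >= CRITICAL:
            actions.append(("ticket", alert.key))                      # critical: open a ticket
        if blockable(alert):
            actions.append(("block_ip", alert.source_ip))              # react only with guardrails met
        return actions


if __name__ == "__main__":
    router = Router()
    for a in (Alert("anomaly:ip:198.51.100.23", "198.51.100.23", 90.0, True, 1000),
              Alert("anomaly:ip:198.51.100.23", "198.51.100.23", 92.0, True, 1500),
              Alert("anomaly:ip:10.0.0.5", "10.0.0.5", 95.0, True, 1600)):
        print(a.key, a.ts, router.route(a))
```

The notification always goes out, so an analyst still sees a suppressed-for-blocking event; only the irreversible action is gated. A blocked office egress address or a blocked internal host is a self-inflicted outage, which is why the allowlist and internal-range checks sit in front of the corroboration check rather than behind it.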
The sky’s the limit
Key take-aways
• Full stack view
• Anomaly detection & response
• Investigation at scale
IT’S A MATCH!
Tinder and Elastic liked each other.
elastic.co/elasticon/tour/2015/los-angeles/keeping-your-data-from-getting-swiped-right-away-security-analytics-at-tinder
elastic.co/elasticon/conf/2017/sf/tinder-using-the-elastic-stack-to-make-connections-around-the-world
You know, for love
Thank you!
Come and find us all at the
AMA Booth
James Spiteri

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

End-to-End Security Analytics with the Elastic Stack (slide transcript)

  • 1. End-to-End Security Analytics with the Elastic Stack. Vincent Maury, Solutions Architect
  • 2. Is security a love killer?
  • 10. Foundation for Effective Security Analysis (1/2): Collect → Normalize → Enrich → Index
    • Collect all parts of the puzzle
    • Normalize for aggregation and correlation across sources
    • Enrich to extend the attributes available for analysis
    • Index data for fast search and analytics
  • 11. What Are Beats? Lightweight data shippers for *nix systems, macOS and Windows. Monitor anything!
    • Packetbeat: traffic (I/O), processes, TLS, HTTP payloads, DNS
    • Metricbeat: metrics, processes, state of services, PaaS modules
    • Auditbeat: Unix audit daemon, file integrity, processes & users
    • Filebeat: file shipper, osquery integration
    • Winlogbeat: Windows events, AD activity, Remote Desktop, Windows Firewall, Sysmon integration (inc. MSSQL…)
    • Heartbeat: TCP/UDP, ICMP, HTTP, expired TLS
    • Journalbeat: systemd logs
  • 12. Data Enrichment
    • Threat Intelligence: reputation information, spammers (Spamhaus), TIP feeds (STIX/TAXII), Abuse.ch, top N websites (WL)
    • Geo IP Information: country, state, …, postal code, geo fence, ISP, ASN
    • Other Information: user agent, network model, CMDB, AD (user group…), DNS (and reverse)
  • 13. Normalization and Enrichment Using Logstash
    • Sources: Beats, network / security data, syslog servers, infra / app data, IoT / sensors
    • Inputs: Beats, JDBC, TCP, UDP, HTTP, …
    • Filters: extract fields, geo enrich, lookup enrich, DNS lookups, pattern matching, ArcSight codec, …
    • Outputs: Elasticsearch, Kafka, RabbitMQ, RDBMS, …
    • Persistent disk-based queues; centralized configuration management (stored in Elasticsearch)
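The normalize-and-enrich stages on slides 12 and 13 (pattern matching to extract fields, GeoIP/ASN lookup, threat-intel lookup, reverse DNS, ECS-style field names for indexing), shown as an added Python example rather than a Logstash pipeline. This is not code from the talk or from Elastic; the GeoIP table, reputation feed, reverse-DNS answers and the two log lines are all constructed for the example, standing in for a MaxMind database, an abuse.ch-style feed and a real resolver.

```python
# Added example (not from the slides): a minimal normalize-and-enrich
# pipeline mirroring the Logstash stages named on the slide.
import re
from typing import Any, Dict, List, Optional

# Constructed GeoIP/ASN table (stands in for a MaxMind-style database).
GEO_DB = {
    "203.0.113.7": {"country": "NL", "city": "Amsterdam", "asn": 64496, "isp": "Example ISP"},
    "198.51.100.23": {"country": "US", "city": "Chicago", "asn": 64497, "isp": "Example Cable"},
}
# Constructed reputation feed (what a TIP / abuse.ch lookup would return).
BAD_IPS = {"203.0.113.7": "malware-c2"}
# Constructed reverse-DNS answers (no real resolver is queried).
RDNS = {"198.51.100.23": "cust-23.example-cable.net"}

# Two source formats handled by the pattern-matching stage.
NGINX_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "[^"]*" "(?P<ua>[^"]*)"$'
)
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)'
)


def extract(line: str) -> Optional[Dict[str, Any]]:
    """Pattern-matching stage: map one raw line onto ECS-style field names."""
    m = NGINX_RE.match(line)
    if m:
        return {"event.dataset": "nginx.access", "source.ip": m["ip"],
                "http.request.method": m["method"], "url.path": m["path"],
                "http.response.status_code": int(m["status"]),
                "user_agent.original": m["ua"]}
    m = SSHD_RE.match(line)
    if m:
        return {"event.dataset": "system.auth", "source.ip": m["ip"],
                "user.name": m["user"], "host.name": m["host"],
                "event.outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    return None  # no pattern matched; Logstash would tag _grokparsefailure


def enrich(doc: Dict[str, Any]) -> Dict[str, Any]:
    """Geo, ASN, threat-intel and reverse-DNS enrichment keyed on source.ip."""
    ip = doc["source.ip"]
    geo = GEO_DB.get(ip)
    if geo:
        doc["source.geo.country_iso_code"] = geo["country"]
        doc["source.geo.city_name"] = geo["city"]
        doc["source.as.number"] = geo["asn"]
        doc["source.as.organization.name"] = geo["isp"]
    if ip in BAD_IPS:
        doc["threat.indicator.type"] = "ipv4-addr"
        doc["threat.indicator.description"] = BAD_IPS[ip]
        doc.setdefault("tags", []).append("threat_match")
    if ip in RDNS:
        doc["source.domain"] = RDNS[ip]
    return doc


def process(lines: List[str]) -> List[Dict[str, Any]]:
    """Run extract + enrich over raw lines, dropping lines no pattern matched."""
    out = []
    for line in lines:
        doc = extract(line.rstrip("\n"))
        if doc is not None:
            out.append(enrich(doc))
    return out


# Constructed sample input: one nginx access line, one sshd line, one junk line.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 200 512 "-" "curl/7.88.1"',
    'Oct 10 13:55:40 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2',
    'garbage line that matches nothing',
]

if __name__ == "__main__":
    for d in process(SAMPLE_LOGS):
        print(d)
```

Keying every enrichment on a normalized field (`source.ip`) is the point of the normalize-before-enrich ordering on the slide: the same GeoIP and reputation lookups then apply to web, SSH and any other source without per-format code.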
  • 14. Foundation for Effective Security Analysis (2/2): Index → Analyze → Alert → Investigate
    • Analyze using machine learning (behavioral approach)
    • Alert on anomalies
    • Investigate at scale
  • 15. Temporal and population analysis
    • Temporal: when something behaves like itself (its own Monday, Tuesday, Wednesday, Thursday, Friday)
    • Population: when something behaves like its peers
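The two baselines on slide 15, as an added Python example that is not part of the talk: a temporal score compares an entity's value today with its own earlier days, a population score compares it with its peers on the same day. Plain mean and standard-deviation scoring stands in for the stack's machine-learning jobs, and the daily failed-login counts per user are constructed so that one user spikes against both baselines while another is noisy every day and only stands out against peers.

```python
# Added example (not from the slides): temporal vs. population anomaly
# scoring on constructed daily failed-login counts, Monday..Friday.
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed data: failed logins per user for five days.
FAILED_LOGINS: Dict[str, List[int]] = {
    "alice": [3, 2, 4, 3, 3],
    "bob":   [1, 2, 1, 2, 2],
    "carol": [2, 3, 2, 2, 40],     # Friday spike: unlike herself and her peers
    "dave":  [12, 11, 13, 12, 12], # noisy every day: normal for him, unlike peers
}


def zscore(value: float, history: List[float]) -> float:
    """Standard deviations of `value` above the mean of `history`."""
    if len(history) < 2:
        return 0.0  # not enough baseline to say anything
    sd = pstdev(history)
    if sd == 0:
        return 0.0 if value == mean(history) else float("inf")
    return (value - mean(history)) / sd


def temporal_score(entity: str, day: int, data=FAILED_LOGINS) -> float:
    """Does the entity behave like itself? Today vs. its own earlier days."""
    series = data[entity]
    return zscore(series[day], series[:day])


def population_score(entity: str, day: int, data=FAILED_LOGINS) -> float:
    """Does the entity behave like its peers? Today vs. everyone else today."""
    peers = [s[day] for name, s in data.items() if name != entity]
    return zscore(data[entity][day], peers)


def anomalies(day: int, threshold: float = 3.0, data=FAILED_LOGINS) -> List[Tuple[str, str]]:
    """(entity, kind) pairs whose score on `day` exceeds `threshold`."""
    out = []
    for name in data:
        if temporal_score(name, day, data) > threshold:
            out.append((name, "temporal"))
        if population_score(name, day, data) > threshold:
            out.append((name, "population"))
    return out


if __name__ == "__main__":
    for day, label in ((3, "Thursday"), (4, "Friday")):
        print(label, anomalies(day))
```

Thursday flags dave only against the population (his own history explains his count); Friday flags carol on both baselines. Running both views side by side is what lets the analyst tell a noisy-but-stable host from one that has just changed behaviour.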
  • 16. Integrating Alerts with Other Systems: Alerting → SOAR*, security applications, SDN switches, messaging services, issue tracking services (*SOAR: Security Orchestration and Automated Response)
  • 17. Demo platform – payments.swiftcrypto.com
    • Pipeline: Beats, Modsecurity, Logstash, Elasticsearch, Machine Learning, Alerting, Logstash, Slack
    • Enrichment: Bad IPs, GeoIP, ASN, User Agent
    • Also on the slide: CT Vacations, James Spiteri
  • 19. Wrap up
    1. Captured data from everywhere (network, host, security devices, threat intel…)
    2. Enriched (geo, security, user)
    3. Displayed
    4. Analyzed (static and learning approaches)
    5. Alerted (notification & ticket)
    6. Reacted (IP block)
    7. Investigated
  • 21. The sky’s the limit
  • 22. Key take-aways
    • Full stack view
    • Anomaly detection & response
    • Investigation at scale
  • 24. IT’S A MATCH! Tinder and Elastic liked each other.
    • elastic.co/elasticon/tour/2015/los-angeles/keeping-your-data-from-getting-swiped-right-away-security-analytics-at-tinder
    • elastic.co/elasticon/conf/2017/sf/tinder-using-the-elastic-stack-to-make-connections-around-the-world
  • 27. Thank you! Come and find us all at the AMA Booth. James Spiteri