SlideShare a Scribd company logo

University of Oxford: building a next generation SIEM

Elasticsearch
Elasticsearch

The University of Oxford’s Cyber Security Incident Response developed an in-house, next generation SIEM. Discover this system's capabilities, lessons learned, and why the Elastic Stack was chosen for its core. See the video: https://www.elastic.co/elasticon/tour/2019/london/oxford-university-building-a-next-generation-siem

Technology
1 of 41
1 Kristian Kocher, Security Big Data Lead
 Marko Jung, Global Head of Information Security Operations University of Oxford CERT 22nd October 2019 Building a next generation SIEM
OXFORD RESEARCHERS ARE MAJOR CONTRIBUTORS TO THE GLOBAL RESPONSE TO THE ZIKA EPIDEMIC Oxford Research •Oxford employs over 13,900 people, of which 7,260 are academics, researchers or teachers (56%). •According to the 2014 Research Excellence Framework, the latest official UK-wide assessment of all university research, Oxford has the largest volume of world-leading research in the country. •5% of all the UK’s graduate research students are studying at the University of Oxford.
OXFORD STUDENTS CELEBRATING AT RADCLIFFE CAMERA SQUARE AFTER THEIR FINAL EXAMS. Oxford Education •Oxford was ranked first in the world in the Times 
 Higher Education (THE) World University Rankings 
 for 2017, 2018, 2019, and 2020. •Nearly 24,000 students (11,747 UG, 11,687 PG) •Oxford is very competitive: around 21,500 people applied for around 3,300 undergraduate places for 
 entry in 2018. •Oxford offers more than 300 different graduate 
 degree programmes. •43% of our total student body – almost 10,000 students – are citizens of foreign countries. Students come to Oxford from over 150 countries and territories.
• Highly federated environment with 800 members of IT staff across over 110 units, plus 44 Colleges and Permanent Private Halls. • Units operate largely independently • Oxford operates one of the largest private networks in the country with • ~100,000 registered devices • redundant 40GBit/s Internet uplink Oxford 
 Information Technology
Oxford Cyber Security •2019 marks the 25th anniversary of OxCERT. •17 security experts split across two teams cover all five functions: identify, protect, detect, respond, and recover. •Offering services to the collegiate University similar to a managed security services provider. •Collaboration with cyber security researchers. •Deeply integrated in the international 
 security community.
Our Elastic Stack Story Proof of concept using Elasticsearch 1.5.1 Open Source 20192018201720162015 SAVANT – first production service using Elasticsearch 2.3 Upgrade to Elasticsearch 5.5.3
 Development subscription
 SearchGuard
 Hardware refresh Upgrades to Elasticsearch 6.x 
 Gold subscription
 More hardware Upgrade to Elasticsearch 7.2.x
 Platinum subscription
 Elastic Security
 Even more shiny kit
Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Data Generation & Collection Queue Processing &
 Enrichment Elastic Cluster Architecture Queue
 (2 locations)
Get a Handle on Your Data Just collecting all possible logs, events, and alarms does not help making sense out of them! • NTP time source, UTC based logging, and ISO 8601 date • Normalise your data during ingest, e.g.
 2001:420:1101:1::A vs 
 2001:420:1101:1:0:0:0:a (abbreviations and capitalisation) • Enrich with fresh metadata at ingest to capture situational context • Keep all the facts – or are you worried about the cost of storage? • Use a consistent schema...
Elastic Common Schema •Open Source specification for •a common set of fields •field groupings •naming conventions for custom fields •https://github.com/elastic/ecs •Objective: normalise event data in Elasticsearch •Elastic on their journey to support ECS in all their products
Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
Elastic's Journey illustrated on NetFlow ECS is volatile and keeping on top is not always easy, but join us on the ride! Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets FileBeat Module netflow.source_ipv4_address netflow.tcp_source_port
 netflow.udp_source_port netflow.packet_total_count
 [ and many others ] Elastic Common Schema source.ip source.port source.packets
 network.packets
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
UsersDevices Network
Sophos Central Dashboard
Sophos Central Alerts
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Sophos Cloud Data Collection Queue
 (2 locations) ... Sophos Central Event and Device Data Collector
Device Metadata in Extended ECS
Consolidated Sophos Dashboard
UsersDevices Network
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Groupware Data Collection Queue
 (2 locations) CloudApp Security Exchange
 (on premise) Office365 CloudApp Log and Event Collector Office365 Log and Audit Collector Exchange Log, Audit, and Message Traces
Email Metadata in Extended ECS
Dashboards using Elastic
Compromised 
 Accounts and Systems 
 Behave Anomalously
Compromised Account Detection
Learn from experience? The Rise of the Machines Learn from experience Follow instructionsdata
Not All Entities are the Same
Not All Entities are the Same
Time Series Analysis
UsersDevices Network
Passive Fibre Tapping
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis NetFlow Generation Architecture Queue
 (2 locations)
NetFlow in Numbers Typical 12 – 20 Gbit/s full duplex throughput •24 – 86 thousand events per second •0,76 –1,5 billion documents per day •400 – 600 GB index data disk per day •3-8 seconds from generation to index
Applications •Network Intrusion Detection •Threat Intelligence Real-Time and Retro Matching •IoC free – Machine Learning based Threat Hunting
Elastic ML on NetFlow
UsersDevices Network
SecDevOps ORCHESTRATION AUTOMATION MULTI-VENDOR DATA-DRIVEN AGILITY ADAPTABILITY VELOCITY INTEGRATION APIS BIG DATA SecDevOps RETRO MATCHING AND HUNTING PERMISSIVE CULTURE
Thank You! Kristian Kocher Security Big Data Lead m@mju.ng @mjung fb.com/markohjung Marko Jung Global Head of Information Security Operations

Recommended

Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhAurélie Henriot
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 

Recommended

Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhAurélie Henriot
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Windows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationWindows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationMahendra Pratap Singh
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopLife Cycle Engineering
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxVikas Singh Yadav
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
How to Prepare for the CISSP Exam
How to Prepare for the CISSP ExamHow to Prepare for the CISSP Exam
How to Prepare for the CISSP Examkoidis
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfshyedshahriar
 
OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017Stacy Véronneau
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchRobert Grossman
 

More Related Content

What's hot

Windows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationWindows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationMahendra Pratap Singh
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopLife Cycle Engineering
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxVikas Singh Yadav
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
How to Prepare for the CISSP Exam
How to Prepare for the CISSP ExamHow to Prepare for the CISSP Exam
How to Prepare for the CISSP Examkoidis
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfshyedshahriar
 

What's hot (20)

Windows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for InvestigationWindows Event Analysis - Correlation for Investigation
Windows Event Analysis - Correlation for Investigation
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app security
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOC
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and Orchestration
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security Leaders
 
How to Prepare for the CISSP Exam
How to Prepare for the CISSP ExamHow to Prepare for the CISSP Exam
How to Prepare for the CISSP Exam
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
 

Similar to University of Oxford: building a next generation SIEM

OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017Stacy Véronneau
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchRobert Grossman
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudRick Bilodeau
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudStreamsets Inc.
 
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and AnalyticsDataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and AnalyticsDataStax Academy
 
Louise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx SystemsLouise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx SystemsDataconomy Media
 
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for DevelopersCloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for DevelopersAlan Sill
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction abenyeung1
 
Computation and Knowledge
Computation and KnowledgeComputation and Knowledge
Computation and KnowledgeIan Foster
 
Structural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 yearsStructural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 yearsAlexandreBonvin2
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaDataStax Academy
 
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018Codemotion
 
Creating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data SuperhighwayCreating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data SuperhighwayLarry Smarr
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackElasticsearch
 
CERN IT Monitoring
CERN IT Monitoring CERN IT Monitoring
CERN IT Monitoring Tim Bell
 
The Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data ScienceThe Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data ScienceRobert Grossman
 
re:Invent 2013-foster-madduri
re:Invent 2013-foster-maddurire:Invent 2013-foster-madduri
re:Invent 2013-foster-madduriRavi Madduri
 
NASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & EngineeringNASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & Engineeringinside-BigData.com
 
Linked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so farLinked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so farAliaksandr Birukou
 
Openstack For Beginners
Openstack For BeginnersOpenstack For Beginners
Openstack For Beginnerscpallares
 

Similar to University of Oxford: building a next generation SIEM (20)

OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science Research
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
 
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and AnalyticsDataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and Analytics
 
Louise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx SystemsLouise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx Systems
 
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for DevelopersCloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for Developers
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
 
Computation and Knowledge
Computation and KnowledgeComputation and Knowledge
Computation and Knowledge
 
Structural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 yearsStructural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 years
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in China
 
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
 
Creating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data SuperhighwayCreating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data Superhighway
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic Stack
 
CERN IT Monitoring
CERN IT Monitoring CERN IT Monitoring
CERN IT Monitoring
 
The Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data ScienceThe Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data Science
 
re:Invent 2013-foster-madduri
re:Invent 2013-foster-maddurire:Invent 2013-foster-madduri
re:Invent 2013-foster-madduri
 
NASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & EngineeringNASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & Engineering
 
Linked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so farLinked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so far
 
Openstack For Beginners
Openstack For BeginnersOpenstack For Beginners
Openstack For Beginners
 

More from Elasticsearch

An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxElasticsearch
 
From MSP to MSSP using Elastic
From MSP to MSSP using ElasticFrom MSP to MSSP using Elastic
From MSP to MSSP using ElasticElasticsearch
 
Cómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios webCómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios webElasticsearch
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas Elasticsearch
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudTirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudElasticsearch
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesElasticsearch
 
Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.Elasticsearch
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]Elasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxElasticsearch
 
Welcome to a new state of find
Welcome to a new state of findWelcome to a new state of find
Welcome to a new state of findElasticsearch
 
Building great website search experiences
Building great website search experiencesBuilding great website search experiences
Building great website search experiencesElasticsearch
 
Keynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified searchKeynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified searchElasticsearch
 
Cómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesCómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesElasticsearch
 
Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Elasticsearch
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesElasticsearch
 
Transforming data into actionable insights
Transforming data into actionable insightsTransforming data into actionable insights
Transforming data into actionable insightsElasticsearch
 
Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Elasticsearch
 
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentElasticsearch
 
The opportunities and challenges of data for public good
The opportunities and challenges of data for public goodThe opportunities and challenges of data for public good
The opportunities and challenges of data for public goodElasticsearch
 
Enterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticEnterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticElasticsearch
 

More from Elasticsearch (20)

An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
 
From MSP to MSSP using Elastic
From MSP to MSSP using ElasticFrom MSP to MSSP using Elastic
From MSP to MSSP using Elastic
 
Cómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios webCómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios web
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudTirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
 
Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
 
Welcome to a new state of find
Welcome to a new state of findWelcome to a new state of find
Welcome to a new state of find
 
Building great website search experiences
Building great website search experiencesBuilding great website search experiences
Building great website search experiences
 
Keynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified searchKeynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified search
 
Cómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesCómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisiones
 
Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
 
Transforming data into actionable insights
Transforming data into actionable insightsTransforming data into actionable insights
Transforming data into actionable insights
 
Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?
 
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
 
The opportunities and challenges of data for public good
The opportunities and challenges of data for public goodThe opportunities and challenges of data for public good
The opportunities and challenges of data for public good
 
Enterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticEnterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and Elastic
 

Recently uploaded

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Recently uploaded (20)

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

University of Oxford: building a next generation SIEM

  • 1. 1 Kristian Kocher, Security Big Data Lead
 Marko Jung, Global Head of Information Security Operations University of Oxford CERT 22nd October 2019 Building a next generation SIEM
  • 2.
  • 3. OXFORD RESEARCHERS ARE MAJOR CONTRIBUTORS TO THE GLOBAL RESPONSE TO THE ZIKA EPIDEMIC Oxford Research •Oxford employs over 13,900 people, of which 7,260 are academics, researchers or teachers (56%). •According to the 2014 Research Excellence Framework, the latest official UK-wide assessment of all university research, Oxford has the largest volume of world-leading research in the country. •5% of all the UK’s graduate research students are studying at the University of Oxford.
  • 4. OXFORD STUDENTS CELEBRATING AT RADCLIFFE CAMERA SQUARE AFTER THEIR FINAL EXAMS. Oxford Education •Oxford was ranked first in the world in the Times 
 Higher Education (THE) World University Rankings 
 for 2017, 2018, 2019, and 2020. •Nearly 24,000 students (11,747 UG, 11,687 PG) •Oxford is very competitive: around 21,500 people applied for around 3,300 undergraduate places for 
 entry in 2018. •Oxford offers more than 300 different graduate 
 degree programmes. •43% of our total student body – almost 10,000 students – are citizens of foreign countries. Students come to Oxford from over 150 countries and territories.
  • 5. • Highly federated environment with 800 members of IT staff across over 110 units, plus 44 Colleges and Permanent Private Halls. • Units operate largely independently • Oxford operates one of the largest private networks in the country with • ~100,000 registered devices • redundant 40GBit/s Internet uplink Oxford 
 Information Technology
  • 6. Oxford Cyber Security •2019 marks the 25th anniversary of OxCERT. •17 security experts split across two teams cover all five functions: identify, protect, detect, respond, and recover. •Offering services to the collegiate University similar to a managed security services provider. •Collaboration with cyber security researchers. •Deeply integrated in the international 
 security community.
  • 7. Our Elastic Stack Story Proof of concept using Elasticsearch 1.5.1 Open Source 20192018201720162015 SAVANT – first production service using Elasticsearch 2.3 Upgrade to Elasticsearch 5.5.3
 Development subscription
 SearchGuard
 Hardware refresh Upgrades to Elasticsearch 6.x 
 Gold subscription
 More hardware Upgrade to Elasticsearch 7.2.x
 Platinum subscription
 Elastic Security
 Even more shiny kit
  • 8. Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Data Generation & Collection Queue Processing &
 Enrichment Elastic Cluster Architecture Queue
 (2 locations)
  • 9. Get a Handle on Your Data Just collecting all possible logs, events, and alarms does not help making sense out of them! • NTP time source, UTC based logging, and ISO 8601 date • Normalise your data during ingest, e.g.
 2001:420:1101:1::A vs 
 2001:420:1101:1:0:0:0:a (abbreviations and capitalisation) • Enrich with fresh metadata at ingest to capture situational context • Keep all the facts – or are you worried about the cost of storage? • Use a consistent schema...
  • 10. Elastic Common Schema •Open Source specification for •a common set of fields •field groupings •naming conventions for custom fields •https://github.com/elastic/ecs •Objective: normalise event data in Elasticsearch •Elastic on their journey to support ECS in all their products
  • 11. Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
  • 12. Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
  • 13. Elastic's Journey illustrated on NetFlow ECS is volatile and keeping on top is not always easy, but join us on the ride! Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets FileBeat Module netflow.source_ipv4_address netflow.tcp_source_port
 netflow.udp_source_port netflow.packet_total_count
 [ and many others ] Elastic Common Schema source.ip source.port source.packets
 network.packets
  • 14. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
  • 18. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
  • 19. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Sophos Cloud Data Collection Queue
 (2 locations) ... Sophos Central Event and Device Data Collector
  • 20. Device Metadata in Extended ECS
  • 23. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Groupware Data Collection Queue
 (2 locations) CloudApp Security Exchange
 (on premise) Office365 CloudApp Log and Event Collector Office365 Log and Audit Collector Exchange Log, Audit, and Message Traces
  • 24. Email Metadata in Extended ECS
  • 26. Compromised 
 Accounts and Systems 
 Behave Anomalously
  • 28. Learn from experience? The Rise of the Machines Learn from experience Follow instructionsdata
  • 29. Not All Entities are the Same
  • 30. Not All Entities are the Same
  • 33.
  • 35. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis NetFlow Generation Architecture Queue
 (2 locations)
  • 36. NetFlow in Numbers Typical 12 – 20 Gbit/s full duplex throughput •24 – 86 thousand events per second •0,76 –1,5 billion documents per day •400 – 600 GB index data disk per day •3-8 seconds from generation to index
  • 37. Applications •Network Intrusion Detection •Threat Intelligence Real-Time and Retro Matching •IoC free – Machine Learning based Threat Hunting
  • 38. Elastic ML on NetFlow
  • 41. Thank You! Kristian Kocher Security Big Data Lead m@mju.ng @mjung fb.com/markohjung Marko Jung Global Head of Information Security Operations