Smart Platform Infrastructure with AWSJames Huston
Learn from some of our insights and create a smart infrastructure that let's your team sleep at night!
Presented @DevOpsDays_CLT Feb 2017 by James Huston @hustonjs
As always the conference was opened with a speech by Alexei Vladishev, the creator of Zabbix, glancing over the accomplishments Zabbix made during the past year, mostly focusing on the features and improvements that await us all in the Zabbix 3.0 release.
Zabbix Conference 2015
Smart Platform Infrastructure with AWSJames Huston
Learn from some of our insights and create a smart infrastructure that let's your team sleep at night!
Presented @DevOpsDays_CLT Feb 2017 by James Huston @hustonjs
As always the conference was opened with a speech by Alexei Vladishev, the creator of Zabbix, glancing over the accomplishments Zabbix made during the past year, mostly focusing on the features and improvements that await us all in the Zabbix 3.0 release.
Zabbix Conference 2015
Ryan Armstrong - Monitoring More Than 6000 Devices in Zabbix | ZabConf2016Zabbix
Ryan will describe a Skunkworks project executed by Kinetic IT at the Department of Education to deliver an autonomous infrastructure monitoring solution for over 6000 devices distributed across WA. The team were given opportunity to experiment with DevOps practices such as Scrum product development, Infrastructure As Code and Continuous Integration to determine where the value lay and which practices should be adopted at greater scale.
Ansible is and automation platform that can be used to perform various tasks such as configuration management,provisioning,security orchestration.
It is open source ,agentless, powerfull and simple. This presentation will give an idea how to implement ansible in information security .
Jim's presentation about the software defined axe that is coming to chop your System Engineer Job.
Film: https://youtu.be/bejFMqDJKAQ
Slides: http://www.slideshare.net/JimLeitch/open-stack-jobs-avoiding-the-axe
Filming by Jim and Bas Mantel
Edited by Jim and Steven Geerts
Meetup details:
http://www.meetup.com/Openstack-Netherlands/events/227409852/
Slides from a talk given at DevSecCon on 206h October 2016 http://www.devseccon.com/blog/session/automating-owasp-zap/
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free security tools. In this workshop you will learn how to automate security tests using ZAP. These tests can then be included in your continuous integration / delivery pipeline. Simon will cover the range of integration options available and then walk you through automating ZAP against a test application. The ZAP UI will be used to explain the concepts and python scripting used to drive ZAP via its API – this can then also be used to drive ZAP in daemon mode.
This workshop is aimed at anyone interested in automating ZAP for security testing, including developers, functional testers (QA) and security/pentesters.
A 50 min talk at OWASP AppSec USA including demos Zest (a new security scripting language from Mozilla) and Plug-n-Hack (including fuzzing postMessages in the browser to find DOM XSS vulnerabilities). A video of this talk is available here: http://www.youtube.com/watch?v=pYFtLA2yTR8
Slides from my 'Introduction to the OWASP Zed Attack Proxy' presentation as part of the 2013 OWASP EU Tour in Amsterdam.
For more info about ZAP see: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Trouble Ticket Integration with Zabbix in Large EnvironmentAlain Ganuchaud
Large Environments rely on TroubleTicket tool and HelpDesk for managing IT issues. Bridging Zabbix with over 5000 servers and HelpDesk manually is a painful and impossible project. In this presentation we will cover how we may integrate Zabbix with HelpDesk, the architecture and what are the issues specially in Large Environments.
As an example, we will cover the case study of Zabbix - ServiceNow integration, as it was developped for SwissLife and released as OpenSource.
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
Ryan Armstrong - Monitoring More Than 6000 Devices in Zabbix | ZabConf2016Zabbix
Ryan will describe a Skunkworks project executed by Kinetic IT at the Department of Education to deliver an autonomous infrastructure monitoring solution for over 6000 devices distributed across WA. The team were given opportunity to experiment with DevOps practices such as Scrum product development, Infrastructure As Code and Continuous Integration to determine where the value lay and which practices should be adopted at greater scale.
Ansible is and automation platform that can be used to perform various tasks such as configuration management,provisioning,security orchestration.
It is open source ,agentless, powerfull and simple. This presentation will give an idea how to implement ansible in information security .
Jim's presentation about the software defined axe that is coming to chop your System Engineer Job.
Film: https://youtu.be/bejFMqDJKAQ
Slides: http://www.slideshare.net/JimLeitch/open-stack-jobs-avoiding-the-axe
Filming by Jim and Bas Mantel
Edited by Jim and Steven Geerts
Meetup details:
http://www.meetup.com/Openstack-Netherlands/events/227409852/
Slides from a talk given at DevSecCon on 206h October 2016 http://www.devseccon.com/blog/session/automating-owasp-zap/
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free security tools. In this workshop you will learn how to automate security tests using ZAP. These tests can then be included in your continuous integration / delivery pipeline. Simon will cover the range of integration options available and then walk you through automating ZAP against a test application. The ZAP UI will be used to explain the concepts and python scripting used to drive ZAP via its API – this can then also be used to drive ZAP in daemon mode.
This workshop is aimed at anyone interested in automating ZAP for security testing, including developers, functional testers (QA) and security/pentesters.
A 50 min talk at OWASP AppSec USA including demos Zest (a new security scripting language from Mozilla) and Plug-n-Hack (including fuzzing postMessages in the browser to find DOM XSS vulnerabilities). A video of this talk is available here: http://www.youtube.com/watch?v=pYFtLA2yTR8
Slides from my 'Introduction to the OWASP Zed Attack Proxy' presentation as part of the 2013 OWASP EU Tour in Amsterdam.
For more info about ZAP see: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Trouble Ticket Integration with Zabbix in Large EnvironmentAlain Ganuchaud
Large Environments rely on TroubleTicket tool and HelpDesk for managing IT issues. Bridging Zabbix with over 5000 servers and HelpDesk manually is a painful and impossible project. In this presentation we will cover how we may integrate Zabbix with HelpDesk, the architecture and what are the issues specially in Large Environments.
As an example, we will cover the case study of Zabbix - ServiceNow integration, as it was developped for SwissLife and released as OpenSource.
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
Microservices in action at the Dutch National Police - Bert Jan Schrijver - C...Codemotion
At the Cloud, Big Data and Internet division of the Dutch National Police, 4 DevOps teams use the latest open source technology to build high tech, cloud native web applications using Spring Boot, Angular 5, Spark, Kafka and Jenkins 2. I'll share our experiences and real-world use cases for microservices. I’ll show how 4 teams work together on one product and I’ll talk about how we apply the principles of DevOps and Continuous Delivery. I’ll show how we handle security, build pipelines, test automation, performance tests, service discovery, automated deployments, monitoring and more!
Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie
This presentation was from Joomla day 2016 held right here in KLCC Malaysia. Astiostech presented several important factors to consider when monitoring a web service with of course special focus on Joomla. However, these guidelines can be used for just about any web service you may want to monitor. Monitoring is pivotal to a web infrastructure and it should not be considered today as a luxury. With tools like Nagios XI, we can simply start monitoring with mere clicks of a web browser and you're pretty much on the right track.
Open Source Infrastructure / Development & Security > How to make it work? Kangaroot
Beginning of November 2017; Kangaroot was present at the IT & Digital Leaders / Noord Infosec Dialogue Benelux. Peter Dens explained how open source is used and gave some insights on containers and how to leverage you DevOps into a more secure environment.
Trent Hornibrook gave a recent talk at the Infracoders meet-up playing a thought experiment with the audience on 'what would be your tech decisions if you were given a blank cheque at at startup'.
Trent, recently working for a start-up then shared what decisions he made, and why
Know thy cost (or where performance problems lurk)Oren Eini
Performance happens. Whether you're designed for it or not it doesn’t matter, she is always invited to the party (and you better find her in a good mood). Knowing the cost of every operation, and how it distributes on every subsystem will ensure that when you are building that proof-of-concept (that always ends up in production) or designing the latest’s enterprise-grade application; you will know where those pesky performance bugs like to inhabit. In this session, we will go deep into the inner working of every performance sensitive subsystem. From the relative safety of the client to the binary world of Voron.
Time Series Anomaly Detection with Azure and .NETTMarco Parenzan
f you have any device or source that generates values over time (also a log from a service), you want to determine if in a time frame, the time serie is correct or you can detect some anomalies. What can you do as a developer (not a Data Scientist) with .NET o Azure? Let's see how in this session.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Agenda
•Budget challenges beyond CapEx/OpEx
•Foundations: The big picture and where to start
•Specific free & open-source tools to help at each step
•Real-World Experiences and Fun Stories*
*Randomly dispersed throughout
3. whoami – Kyle Bubp
• Just a dude trying to make things better.
4. Security: What’s the “True Cost”?
• Security = People + Processes + Products
People
• Salary
• Training
• Personal Dev
• Management
Processes
• Plan (policy)
• Build (tech)
• Test
• Improvement
Products
• CapEx/OpEx
• Support
• Time to Value
• Labor:Value
5. Why FOSS?
Not just for people with budget constraints!
It’s about time and control.
6. Commercial
1. Google search
2. Choose three
3. Contact vendors
4. Proof of concept
5. Wine & dine
6. Procurement
7. Implementation
Elapsed time: weeks/months
FOSS
1. Google search
2. Download
3. Configure
Elapsed time: minutes/hours
Why FOSS?
10. Foundational Blueprints and Frameworks
•NIST Standards and Frameworks
•CIS Critical Security Controls
•ISO 27000
•MITRE ATT&CK
11.
12. Document everything!
A core documentation repository is critical
•Policy, procedure, how-tos, etc:
• MediaWiki
• Atlassian Confluence ($10 for up to 10 users)
•Incident Response Ticketing/Documentation:
• RTIR (https://bestpractical.com/download-page)
• The Hive (https://thehive-project.org/)
13. Build from the ground up
1. Identify
2. Protect and Harden
3. Detect
4. Respond
5. Recover
14.
15. The Asset Discovery Dilemma
Active Scanning? Nmap? Vuln Scanner? No. Ask your network!
NetDB https://netdbtracking.sourceforge.net/
.ova available at https://www.kylebubp.com/files/netdb.ova
16. Other network mapping approaches
•nmap + ndiff/yandiff
• Not just for red teams.
• Export results, diff for changes.
• Alert if something changed.
•Netdisco
• https://sourceforge.net/projects/netdisco
• Uses SNMP to inventory your network devices
18. OpenVAS
•Fork of Nessus
•Still maintained
•Default vuln scanner in AlienVault
•Does a great job in comparison w/ commercial products
19. Web Apps too!
•Arachni Framework (arachni-scanner.com)
•OWASP ZAP (Zed Attack Proxy)
•Nikto2 (more of a server config scanner)
•Portswigger Burp Suite (not free - $350)
•For a comparison – sectoolmarket.com
20. In addition to fixing vulnerabilities…
•Build in some additional security on your web servers.
(also part of a secure configuration)
•Fail2ban
Python-based IPS that runs off of Apache Logs
•Modsecurity
Open source WAF for Apache, IIS, & nginx
21. Build from the ground up
1. Identify
2. Protect and Harden
3. Detect
4. Respond
5. Recover
26. Secure Configuration
•CIS Benchmarks / DISA Stigs
•Configuration Management, while not exciting, is important
•Deploy configs across your enterprise using tools like GPO, Chef, Puppet,
or Ansible
•Change Management is also important
• Use git repo for tracking changes to your config scripts
30. Build from the ground up
1. Identify
2. Protect and Harden
3. Detect
4. Respond
5. Recover
31. What’s happening on the endpoint?
•Facebook-developed osquery is effectively free EDR
• Agents for MacOS, Windows, Linux
• Deploy across your enterprise w/ Chef, Puppet, Ansible, or SCCM
• Do fun things like, search for IoCs (hashes, processes, etc.)
• Pipe the data into ElasticStack for visibility & searchability
•If you only need Windows, check out Microsoft Sysinternals Sysmon
32. What’s happening on the network?
•Elkstack
•Suricata
•Bro
•Snort
•SecurityOnion: put it all together
33. Logging and Monitoring
•Central logging makes detection and analysis easier
•Many options here, such as Windows Event Subscription, rsyslog
•Can also pipe to one central location with dashboards, such as ElasticStack
•Good idea to include DNS logs!
38. Parting thoughts…
• Build versus Buy
• Security Requirements don’t change, regardless of budget.
• Build a strong foundation and branch out.
• Consider scenarios – solve one scenario at a time, NOT all at once!
• Stay curious and contribute to projects you like.
• Community! Share ideas – learn from others
• DOCUMENT EVERYTHING