ELK is a log analysis stack that consists of Elasticsearch for storage, Logstash for transport and processing, and Kibana for visualization. Beats are lightweight shippers that move logs to Logstash or Elasticsearch. The document discusses using ELK for security analytics by ingesting large volumes of logs from various sources for threat hunting, user behavior analytics, and forensic analysis to address limitations of SIEM tools.
2. About Me
• Trainer and Security Analyst at Institute of Information Technology / Network Intelligence India
• 4+ years experience in IT
• Conducted trainings at multiple corporates
• Part of the DFIR Team at NII
• Key domains – Security Analytics, Malware Analysis, Log Analysis, Intrusion Response
Lionel Faleiro [ @sandmaxprime ]
4. What Big Data..
• IS:
  • Storing large volumes of data
  • Being able to run queries over the whole data set
• IS NOT:
  • Hadoop, Hive, Pig, Yarn – these are technologies, not Big Data itself
  • A source of analytical results – it does not produce them automatically
5. Why use Big Data in Security?
• User-behaviour analytics
• Fraud detection
• Log correlation from additional sources
• Forensic analysis on large volumes of data
6. Known SIEM Issues
• Unable to ingest a lot of log sources
• Cost of storage is high
• Requires more compute power
• Licensing issues (pricing per event rate or per GB/day penalises adding sources)
• Monitoring on each endpoint is problematic
• Current monitoring is static in nature: fixed rules, little room for exploratory querying
• Too many alerts
7. SIEM + ELK = SOC 2.0
• SIEM Functions
  • Alerts for standard IT issues
  • Rule-based correlations
  • Standard reporting/queries
• ELK Functions
  • Visualize logs for anomalies
  • Ingest logs from multiple sources at large volume
  • Implement a threat-hunting strategy
  • Custom search and querying
9. What is ELK?
• E (Elasticsearch) is a NoSQL document store built on the Lucene search library
  • Stores schema-flexible JSON documents rather than fixed relational tables
  • Queried through its own JSON query DSL, not with SQL
• L (Logstash) is a log pipeline tool that accepts inputs, executes transformations (filters) and outputs the data to various targets
• K (Kibana) is the visualization layer
12. Elasticsearch
• Based on Apache Lucene, an open-source search engine library
• Created by Shay Banon
• Extends Lucene into a distributed system to store, index and search documents
• Exposes a REST API: JSON over HTTP
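An added example, not from the slides, of what "JSON over HTTP" means in practice when the documents are security logs: an explicit index mapping so that IPs and event codes can be matched exactly and range-queried, a `_bulk` request body built in the NDJSON form Elasticsearch expects, and a check of the per-item `_bulk` response, which reports rejected documents inside an HTTP 200. The `seclogs-*` index name, the ECS-style field layout, the sample documents and the sample response are all constructed assumptions; nothing here is the deck's or Elastic's own code, and it runs offline.

```python
"""Shaping security events for Elasticsearch: explicit mapping, _bulk NDJSON,
and per-item response checking.  Runs offline; all inputs are constructed."""
import json


def security_index_template() -> dict:
    """Index template for a hypothetical "seclogs-*" index family (assumption).

    Fields that analysts match exactly or range over (event codes, IPs, user
    names) are mapped as keyword/ip.  Left to dynamic mapping, "10.0.0.5"
    would become an analyzed text field, and CIDR or range queries on it
    would not work.  The message stays full-text searchable.
    """
    return {
        "index_patterns": ["seclogs-*"],
        "template": {
            "mappings": {
                "properties": {
                    "@timestamp": {"type": "date"},
                    "event": {"properties": {"code": {"type": "keyword"}}},
                    "source": {"properties": {"ip": {"type": "ip"}}},
                    "user": {"properties": {"name": {"type": "keyword"}}},
                    "host": {"properties": {"name": {"type": "keyword"}}},
                    "message": {"type": "text"},
                }
            }
        },
    }


def bulk_body(index: str, docs: list) -> str:
    """Serialise documents into the _bulk request format: one action line and
    one source line per document, newline-delimited, with a trailing newline
    (Elasticsearch rejects a body that does not end in one)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return "\n".join(lines) + "\n"


def failed_items(bulk_response: dict) -> list:
    """Return (position, reason) for every rejected document.

    _bulk answers HTTP 200 even when individual documents were rejected; a
    shipper that only checks the status code silently loses events, which
    for security logs is a blind spot.  The top-level "errors" flag and each
    item's "status" must be inspected.
    """
    failures = []
    if not bulk_response.get("errors"):
        return failures
    for pos, item in enumerate(bulk_response.get("items", [])):
        result = next(iter(item.values()))  # {"index": {...}} or {"create": {...}}
        if result.get("status", 500) >= 300:
            reason = result.get("error", {}).get("reason", "unknown error")
            failures.append((pos, reason))
    return failures


# Constructed sample documents, ECS-style field layout (assumption).
SAMPLE_DOCS = [
    {"@timestamp": "2024-06-01T10:00:00Z", "event": {"code": "4625"},
     "source": {"ip": "10.0.0.5"}, "user": {"name": "alice"},
     "host": {"name": "dc01"}, "message": "An account failed to log on."},
    {"@timestamp": "2024-06-01T10:00:02Z", "event": {"code": "4625"},
     "source": {"ip": "not-an-ip"}, "user": {"name": "bob"},  # violates the ip mapping
     "host": {"name": "dc01"}, "message": "An account failed to log on."},
]

# Constructed _bulk response for SAMPLE_DOCS: the second document is rejected
# by the strict "ip" mapping, but the HTTP status of the call is still 200.
SAMPLE_BULK_RESPONSE = {
    "took": 7,
    "errors": True,
    "items": [
        {"index": {"_index": "seclogs-2024.06", "_id": "1", "status": 201}},
        {"index": {"_index": "seclogs-2024.06", "_id": "2", "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse field [source.ip] of type [ip]"}}},
    ],
}


if __name__ == "__main__":
    print(bulk_body("seclogs-2024.06", SAMPLE_DOCS), end="")
    for pos, reason in failed_items(SAMPLE_BULK_RESPONSE):
        print(f"document {pos} rejected: {reason}")
```

The template goes to `PUT _index_template/<name>` and the body from `bulk_body` to `POST _bulk` with `Content-Type: application/x-ndjson`; the point of `failed_items` is that a shipper must treat a rejected item as a lost event and retry or dead-letter it, rather than trusting the 200.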
20. Packetbeat
• Packetbeat is a lightweight network packet analyzer that sends data to Logstash or Elasticsearch
• It supports many application-layer protocols, from databases to key-value stores to HTTP, as well as low-level protocols
22. Winlogbeat
• Winlogbeat live-streams Windows event logs to Elasticsearch or Logstash in a lightweight way
• Reads from any Windows event log channel (Security, System, Application, Microsoft-Windows-Sysmon/Operational, ...)
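An added example, not from the slides, that serves both the "implement a threat-hunting strategy / custom search and querying" point of slide 7 and the Winlogbeat slide above: a password-spray hunt over Windows logon events (4625 failures, 4624 successes). It gives the Elasticsearch query body an analyst would send to a `winlogbeat-*` index, and then the same logic evaluated offline over constructed sample events so the outcome can be seen without a cluster. The ECS-style field names (`event.code`, `winlog.event_data.IpAddress`, `winlog.event_data.TargetUserName`), the index name and the sample events are assumptions for illustration; this is not the deck's or Elastic's code.

```python
"""Hunting password sprays in Winlogbeat logon events: the Elasticsearch query
an analyst would run, plus the same logic evaluated offline on constructed
sample events so the result can be inspected without a cluster."""
from collections import defaultdict
from datetime import datetime, timedelta


def hunt_query(since: str, threshold: int) -> dict:
    """Query body for POST /winlogbeat-*/_search.

    Filters failed logons (event code 4625) newer than `since`, buckets them
    by source address and keeps only sources that hit at least `threshold`
    distinct target accounts: many accounts, few attempts each, is the spray
    pattern that a per-account lockout threshold never sees.
    Field names follow the ECS layout Winlogbeat uses (assumption).
    """
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.code": "4625"}},
            {"range": {"@timestamp": {"gte": since}}},
        ]}},
        "aggs": {"by_source": {
            "terms": {"field": "winlog.event_data.IpAddress", "size": 500},
            "aggs": {
                "targets": {"cardinality": {"field": "winlog.event_data.TargetUserName"}},
                "spray": {"bucket_selector": {
                    "buckets_path": {"t": "targets"},
                    "script": f"params.t >= {threshold}",
                }},
            },
        }},
    }


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def hunt_offline(events: list, threshold: int,
                 window: timedelta = timedelta(minutes=10)) -> list:
    """Same hunt over in-memory events, with two refinements the aggregation
    above cannot express on its own: the distinct targets must fall inside a
    sliding time window, and a successful logon (4624) from the same source
    after the spray started is reported, because that is the account to reset."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev["winlog"]["event_data"]["IpAddress"]].append(ev)

    findings = []
    for source, evs in by_source.items():
        evs.sort(key=lambda e: e["@timestamp"])  # ISO-8601 UTC strings sort chronologically
        fails = [e for e in evs if e["event"]["code"] == "4625"]
        spray_start, targets = None, set()
        for i, first in enumerate(fails):
            t0 = _ts(first["@timestamp"])
            in_window = [f for f in fails[i:] if _ts(f["@timestamp"]) - t0 <= window]
            names = {f["winlog"]["event_data"]["TargetUserName"] for f in in_window}
            if len(names) >= threshold:
                spray_start, targets = t0, names
                break
        if spray_start is None:
            continue
        compromised = sorted({
            e["winlog"]["event_data"]["TargetUserName"] for e in evs
            if e["event"]["code"] == "4624" and _ts(e["@timestamp"]) >= spray_start
        })
        findings.append({"source": source, "targets": sorted(targets),
                         "success_for": compromised})
    return findings


def _event(ts: str, code: str, ip: str, user: str) -> dict:
    """Build a constructed Winlogbeat-style document (field names are an assumption)."""
    return {"@timestamp": ts, "event": {"code": code},
            "winlog": {"event_id": int(code),
                       "event_data": {"IpAddress": ip, "TargetUserName": user,
                                      "LogonType": "3"}}}


# Constructed sample: one source tries five accounts in ten seconds and then
# logs in as "erin"; a workstation user mistypes a password once.
SAMPLE_EVENTS = [
    _event("2024-06-01T09:00:01Z", "4625", "203.0.113.7", "bob"),
    _event("2024-06-01T09:00:03Z", "4625", "203.0.113.7", "carol"),
    _event("2024-06-01T09:00:05Z", "4625", "203.0.113.7", "dave"),
    _event("2024-06-01T09:00:07Z", "4625", "203.0.113.7", "erin"),
    _event("2024-06-01T09:00:09Z", "4625", "203.0.113.7", "frank"),
    _event("2024-06-01T09:00:40Z", "4624", "203.0.113.7", "erin"),
    _event("2024-06-01T09:05:00Z", "4625", "10.0.0.8", "alice"),
    _event("2024-06-01T09:05:10Z", "4624", "10.0.0.8", "alice"),
]


if __name__ == "__main__":
    import json
    print(json.dumps(hunt_query("now-24h", 4), indent=2))
    for hit in hunt_offline(SAMPLE_EVENTS, threshold=4):
        print(f"{hit['source']}: sprayed {hit['targets']}, logged in as {hit['success_for']}")
```

The aggregation form is what you would schedule (for instance as an ElastAlert rule or a Kibana visualization) because it runs inside Elasticsearch over millions of events; the offline form is what you reach for once a source is flagged and you pull its events to confirm the spray and find the account that finally worked.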
24. Heartbeat
• Monitors services for their availability with active probing
• Heartbeat pings via ICMP, TCP, and HTTP, and also has support for TLS, authentication and proxies