How Elastic Security Meets SOC Needs

•Download as PPTX, PDF•

0 likes•202 views

Hamza OUADIÂ presented on how Elastic Security meets the needs of Security Operations Centers (SOCs). The presentation covered how Elastic integrates data from various host, network, and custom sources. It then processes and normalizes the data using techniques like parsing, enrichment, and the Elastic Common Schema. Finally, it analyzed the data through detection rules, correlations, alerts, and machine learning to identify threats and anomalies. A demo of the Elastic Security product was also provided.

Technology

04 February 2021 @ 16:00 UTC+1
Elastic Morocco User Group
How Elastic Security Meets SOC Needs
Hamza OUADIÂ
Cyber Security Analyst

Store, Search, &
Analyze
Visualize &
Manage
Ingest
Elastic Stack
Kibana
Elasticsearch
Beats Logstash
Elastic Stack
Reliably and securely take data from any source, in any format, then search,
analyze, and visualize it in real time.

Elastic est une société de recherche
Nous mettons l'accent sur la valeur pour les
utilisateurs en produisant des résultats rapides
qui fonctionnent à grande échelle et qui sont
pertinents. C'est notre ADN. Nous pensons que
la recherche est une expérience. C'est ce qui
nous définit et nous rend uniques
Vitesse, Scalabilité,
Pertinence

3 Solutions
Elastic Enterprise Search
(Recherche en entreprise)
Elastic Security
(Sécurité à 360°)
Elastic Observability
(Observabilité à 360°)

Endpoint SIEM
How Elastic Security
Meets SOC Needs

Agenda
Introduction
Data Integration
Data Processing
Data Analytics
1
2
3
4
Demo : Elastic Security
5
Questions & Answers
6

SOC : Security Operations Center
Introduction
Image Source : https://bit.ly/3ac9lyK

SOC : Security Operations Center
Introduction
SIEM
Logs
Logs
Logs
Analyst

Event Lifecycle
Introduction
Data
Integration
Data Processing Data Analytics

Host & Network Telemetry
Data Integrations

Network
Data
Packetbeat :
• Flows
• DNS
• TLS
• HTTP
Filebeat :
• IDS/IPS/NMS modules: Zeek NMS, Suricata IDS
• NetFlow, CEF
• Firewall modules: Cisco ASA, FTD, Palo Alto Networks,
Ubiquiti IPTables
• Kubernetes modules: CoreDNS, Envoy proxy
• Google VPC flow logs, PubSub Input
elastic.co/integrations

Host
Data
Winlogbeat :
• Windows event logs
• Sysmon
• PowerShell
Filebeat :
• System logs (auth logs) (Linux)
• Multiline Event logs
Auditbeat :
• System module (Linux, macOS, Win.): packages, processes,
logins, sockets, users and groups
• Auditd module (Linux Kernel Audit info)
• File integrity monitoring (Linux, macOS, Win.)
Elastic Agent :
• One agent for all: logs, metrics and security
• 1-click integrations with Fleet
• Detection & Response

Custom
Data
Community Beats :
• Community driven Beats agents

Data Processing
“If I had nine hours to chop down a tree, I’d spend the
first six sharpening my ax.” – Abraham Lincoln

Event Normalization
Elastic Common Schema (ECS)
Data Processing
Benefits
• Correlate data from different sources
• Ability to re-use analysis content
• Ability to re-use Elastic-provided content
Status
• Version v1.7 published : github.com/elastic/ecs
• Supported in Beats and APM
• Community feedback welcome

Event Parsing & Enrichment
Data Processing
• Input: Syslog, File, TCP/UDP, Beats
• Filter: GROK, DNS, TLD, Geo IP, Date, JSON
• Output: Elasticsearch, Email

Detection Rules
Data Analysis
• Event-Centric Correlation (KQL Query)
• Sequence-Based Correlation (EQL Query)
• Threshold-Based Alerting
• Indicator-Based Alerting
• Machine Learning Jobs

Elastic Security
Detection, Prevention and Response for Unified Protection

Elastic is a Search Company
Search. Observe. Protect.
www.elastic.co
Thank you | Questions ?

Advances in technology are enabling a data and information revolution, and managing the network that moves all that data requires the right technology stack. It’s all about finding the right data at the right time for CenturyLink, creators of one of the largest networks in the world. See how CenturyLink has evolved their Network Management System and how Elastic plays a big part in their evolving platform. Learn how they address issues like volume, variety, and velocity of data being generated by disparate network devices and how they are creating simple yet scalable solutions to find the right data at the right time.

Powering the Cisco Intercloud Service using OpenStack Trove

Tesora

Artik cloud deview 2016

NAVER D2

The document discusses Samsung ARTIK Cloud, an open data exchange platform for the Internet of Things (IoT). It allows users to easily create and connect IoT devices, collect and massage device data, and build new services and applications. The platform represents things in the cloud, facilitates interoperability across devices and clouds, and enables data to be transformed and accessed through APIs and SDKs. It also ensures user privacy by allowing users to control and grant access to their own data.

Elasticsearch on Azure

Elasticsearch

This document discusses the partnership between Elastic and Microsoft Azure and highlights several products and services: 1. Elastic provides solutions for logs, metrics, application performance monitoring, uptime monitoring, security information and event management, and endpoints on the Elastic Stack that can be deployed on Azure in various ways. 2. The Elasticsearch Service on Azure is highlighted as the best way to deploy Elasticsearch, Kibana, and Elastic solutions on Azure with benefits like being hosted, secure, compliant, and always up-to-date. 3. Elastic Observability for Azure provides out-of-the-box support for Azure logs and metrics with integration for Azure Monitor and pre-built Kibana dashboards.

Sharad openstack slides

Sharad Aggarwal

OpenStack is an open-source cloud computing platform that consists of interrelated projects that provide software for building and managing public and private clouds. The projects include Nova (compute), Swift (object storage), Glance (image repository), Keystone (identity), Quantum (networking), Cinder (block storage), and Horizon (dashboard). OpenStack aims to produce a cloud computing platform that is simple to implement, massively scalable, and feature-rich. It has a large global community of developers and is used by many large companies and organizations.

Azure Data Factory is a hybrid data integration service in Azure that allows you to create, manage & operate data pipelines in Azure. It is a serverless orchestrator that allows you to create data pipelines to either move, transform, load data; a fully managed Extract, Transform, Load (ETL) & Extract, Load, Transform (ELT) service if you will. In this talk I'll cover the basics of Azure Data Factory and show you how you can create, manage & operate data pipelines.

Refactoring the Monolith: A Systematic Approach to Application Modernization

Dynatrace

Refactoring the Monolith: A Systematic Approach to Application Modernization You’re interested in a move closer to Cloud Native, but where would you possibly begin? More and more enterprises are looking beyond new applications as part of their modernization strategy, and hacking a path to cloud native by setting up a heterogeneous mix of workloads. By reducing technical debt, redesigning and re-platforming monolithic applications they are setting the stage for a manageable evolution toward a more cloud-native architecture. But change like this is high-profile and high stress—often with the executive team peering over your shoulder. They start with big questions: Where do I begin? What applications make sense to refactor? What is the user impact? And so on. Pivotal expert Kamala Dasika and Dynatrace’s Michael Villiger take you step-by-step through what you need to know as you inch closer to Cloud Native. You’ll get a structured framework for: • Choosing the right candidate apps for modernization • Uncovering the seams in your monolith that you can carve off • Discovering dependencies to reduce cohesion and coupling • Minimizing customer impact during migration

Intelligent Cloud Conference 2018 - Building secure cloud applications with A...

Tom Kerkhove

Customer Presentation - QuikTrip

Splunk

Splunk was implemented to consolidate asset data from various sources like Active Directory, network management tools, MDM, and spreadsheets into a centralized repository to kick start a CMDB. Professional services helped configure Splunk Enterprise Security which identified relevant data sources and how they could be used. The solution architecture included a master cluster, search head cluster, and indexer cluster. This allowed the organization to now have consolidated asset information in one place including hardware/OS details, users, locations, applications, network activity, security issues, and change history to feed their CMDB and improve IT maturity.

Build and Manage a Highly Secure Cloud Environment on AWS and Azure

CloudHesive

This document discusses frameworks and best practices for building a highly secure cloud environment on AWS and Azure. It covers the Cloud Adoption Framework (CAF), Well Architected Framework (WAF), game days, reference implementations, and industry organizations. It also provides details on security perspectives, pillars, principles, and recommended preventative, detective, and enforcing controls on AWS. The conclusion emphasizes iterating security controls over time, using detective controls for incident response, leveraging AWS services to supplement existing controls, and choosing from frameworks to meet an organization's specific needs.

Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...

Flink Forward

Microsoft uses Apache Flink to power Anubis, their anomaly detection engine for cloud activities. Anubis ingests activity events from cloud applications at large scale, maintains behavioral models for each user, detects anomalies in real-time, and raises alerts. Flink was chosen for its ability to handle massive state sizes, provide fault tolerance, and perform real-time stream processing at scale across multiple data centers. Microsoft has customized Flink for upgrades, monitoring, and deployment across large clusters to power Anubis and other production jobs.

Combining Logs, Metrics, and Traces for Unified Observability

Elasticsearch

Building Cloud Apps using Azure SQL Database

WinWire Technologies Inc

This document summarizes a webinar about building cloud apps using Azure SQL Database. The webinar covered key features of Azure SQL like security, geo-replication, elastic database pools, migrations from SQL Server, and business motivations for choosing Azure SQL over SQL Server. It included demos of creating firewall rules, understanding database transaction units (DTUs), and geo-replication. Questions from attendees were answered at the end.

Meetup introduction to elastic stack - search at scale - skilledfield slide...

Mouaz Alnouri

Now, without a doubt, given exponential data growth, there’s increased demand for relevant, real-time insights. We all know this. Elastic Stack is one of the best solutions with powerful search capabilities. It provides the opportunities to centralise data and consequently make actionable decisions. In this meetup we will walk through Elastic Stack, to help you better understand how to make the best use of the solution. This meetup will cover: -What is Elastic Stack and what problems it can solve -How can data analysts/scientists benefit from Elastic Stack -A demo

Monitoring docker, k8s and your applications with the elastic stack

SmartWave

This document discusses using the Elastic Stack, specifically Beats, to monitor Docker, Kubernetes, and applications. It provides an overview of the Beats family of lightweight data shippers, including Filebeat, Metricbeat, Packetbeat, Heartbeat, and Auditbeat. It then discusses how Metricbeat and metadata processors can be used to monitor Docker and Kubernetes by enriching events with metadata. It also covers autodiscover functionality where Metricbeat can dynamically start and stop modules based on Docker events. Lastly, it discusses different deployment strategies for the Elastic Stack with Docker and Kubernetes.

SAJACC WG Report Summary and Conclusions Jan 2013

Alan Sill

Logs, metrics and real time data analytics

Ewere Diagboya

The document discusses logs, metrics, real-time data analytics, and tools used for collecting and analyzing such data. It defines what logs and metrics are, and names several tools for collecting and visualizing metrics as well as analyzing real-time data, including the ELK stack. The ELK stack consists of Elasticsearch for storage, Logstash for parsing, and Kibana for analytics and visualization. The document also provides examples of how the ELK stack works and how Terragon has applied it to various applications.

_Search? Made Simple: Elastic + App Search

Elasticsearch

Monitoring your workload hosted on Microsoft Azure

Vikram Pendse

This document discusses monitoring workloads hosted on Microsoft Azure. It outlines the need for monitoring to ensure no downtime and how monitoring differs from security. It then describes various Azure monitoring services like Log Analytics, Application Insights, and Network Watcher that provide core infrastructure and application monitoring capabilities. The document also covers Azure Policy which allows defining and enforcing policies at the subscription and resource group level to maintain compliance. Finally, it mentions references and resources for further information on Azure monitoring.

Amis Query (02-09-2008): Reports From Oracle Open World - Database

Marco Gralike

Azure Container Apps

ICS

This document provides an introduction to Azure Container Apps, Azure Container Registry, and GitHub Actions. It discusses that Azure Container Apps provides a serverless environment for running containerized applications without needing to manage infrastructure. It also describes Azure Container Registry as a private Docker registry and GitHub Actions for automating software development workflows. The document concludes with references and a demo of hands-on labs to showcase these services.

Blockchain in the Food Supply Chain

Peter Kirchner

This talk was held at the Azure Meetup Munich on March, 15th. In a joint development iBERA AG and Microsoft have developed a solution for the industry of food trade to exchange lab reports for pesticides and other relevant documents confirming the quality of food. Those documents go a long way from the original farmer over transport companies until finally to the food retailing. iBERA has the knowledge and hardware to check food fast for pesticides and Microsoft supported creating a solution to save documents in the cloud and to exchange them tamperproof. This talk gives insights into this joint project, the motivations and decisions, the architecture, and how we built it. Peter Kirchner is Software Engineer in Commercial Software Engineering (CSE) at Microsoft. CSE's purpose is to build together with customers and partners on new products and solutions.

Elastic Cloud Enterprise @ Cisco

Elasticsearch

Migrating a legacy logging system: Etsy’s journey to Elastic Cloud

Elasticsearch

New York Elastic{ON} Tour Opening Keynote

Elasticsearch

Oscar Cabanillas - Elastic - OSL19

marketingsyone

Title: How to analyse your security data with Elastic SIEM. We define Security Analytics as the highly scalable collection, indexing, and real-time advanced analysis of all kinds of security-related data. We have introduced Elastic SIEM to provide a curated experience for security analysts and investigators to perform Security Information and Event Management, Thread Detection and Threat Hunting. In this presentation, we'll show the main technical features of the new solution and we'll make a demo to show how to start with the analysis process.

AWS October Webinar Series - Introducing Amazon Elasticsearch Service

Amazon Web Services

Running Elasticsearch often requires specialized expertise and significant resources to operate and manage infrastructure and Elasticsearch software. Amazon Elasticsearch Service makes it easy to deploy, operate, and scale Elasticsearch in AWS. In this webinar, we will walk through how to launch a fully functional Amazon Elasticsearch domain, load your data, and analyze it using the built-in Kibana integration. We will also cover the CloudWatch Logs integration, which enables you to have your log data, such as VPC logs, automatically loaded into your Amazon Elasticsearch domain for analysis and exploration.

What's hot

Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...

Tom Kerkhove

Refactoring the Monolith: A Systematic Approach to Application Modernization

Dynatrace

Intelligent Cloud Conference 2018 - Building secure cloud applications with A...

Tom Kerkhove

Customer Presentation - QuikTrip

Splunk

Build and Manage a Highly Secure Cloud Environment on AWS and Azure

CloudHesive

Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...

Flink Forward

Combining Logs, Metrics, and Traces for Unified Observability

Elasticsearch

Building Cloud Apps using Azure SQL Database

WinWire Technologies Inc

Meetup introduction to elastic stack - search at scale - skilledfield slide...

Mouaz Alnouri

Monitoring docker, k8s and your applications with the elastic stack

SmartWave

SAJACC WG Report Summary and Conclusions Jan 2013

Alan Sill

Logs, metrics and real time data analytics

Ewere Diagboya

_Search? Made Simple: Elastic + App Search

Elasticsearch

Monitoring your workload hosted on Microsoft Azure

Vikram Pendse

Amis Query (02-09-2008): Reports From Oracle Open World - Database

Marco Gralike

Azure Container Apps

ICS

Blockchain in the Food Supply Chain

Peter Kirchner

Elastic Cloud Enterprise @ Cisco

Elasticsearch

Migrating a legacy logging system: Etsy’s journey to Elastic Cloud

Elasticsearch

New York Elastic{ON} Tour Opening Keynote

Elasticsearch

What's hot (20)

Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...

Refactoring the Monolith: A Systematic Approach to Application Modernization

Intelligent Cloud Conference 2018 - Building secure cloud applications with A...

Customer Presentation - QuikTrip

Build and Manage a Highly Secure Cloud Environment on AWS and Azure

Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...

Combining Logs, Metrics, and Traces for Unified Observability

Building Cloud Apps using Azure SQL Database

Meetup introduction to elastic stack - search at scale - skilledfield slide...

Monitoring docker, k8s and your applications with the elastic stack

SAJACC WG Report Summary and Conclusions Jan 2013

Logs, metrics and real time data analytics

_Search? Made Simple: Elastic + App Search

Monitoring your workload hosted on Microsoft Azure

Amis Query (02-09-2008): Reports From Oracle Open World - Database

Azure Container Apps

Blockchain in the Food Supply Chain

Elastic Cloud Enterprise @ Cisco

Migrating a legacy logging system: Etsy’s journey to Elastic Cloud

New York Elastic{ON} Tour Opening Keynote

Similar to How Elastic Security Meets SOC Needs

Oscar Cabanillas - Elastic - OSL19

marketingsyone

AWS October Webinar Series - Introducing Amazon Elasticsearch Service

Amazon Web Services

Obtén visibilidad completa y encuentra problemas de seguridad ocultos

Elasticsearch

Aun las amenazas básicas pueden ser múltiples y complejas, y la visibilidad limitada de tus datos de seguridad simplemente no es suficiente. Ya sea que realices investigaciones o busques amenazas, necesitas todo el contexto relevante para la seguridad. Aprende las prácticas clave en la recopilación y normalización de datos y ve cómo puedes usar Elastic Security para clasificar, verificar y abordar problemas de forma rápida y precisa.

Examining OpenData with a Search Index using Elasticsearch

FaithWestdorp

Elastic is a search company that provides three main solutions - Elastic Enterprise Search, Elastic Security, and Elastic Observability. It has employees in over 40 countries and is a public company listed on the NYSE. Elastic focuses on fast, scalable search capabilities that are relevant to users. It provides unified visibility for logs, metrics and application performance monitoring. Elastic Security integrates endpoint protection and security information and event management. All solutions are powered by the Elastic Stack which allows ingestion, storage, search and analysis of data from any source.

Openstack security presentation 2013

brian_chong

Symantec is building a consolidated cloud platform using OpenStack to host its SaaS applications. It is analyzing and improving OpenStack's security posture. Key security concepts for OpenStack's Grizzly release include centralized management, network segmentation, token/PKI authentication, distributed policy management, and auditing/compliance. Areas of focus for securing an OpenStack deployment include message queuing, database security, certificate management, distribution verification, and two-factor authentication.

All Your Security Events Are Belong to ... You!

Xavier Mertens

This document discusses log management and security information event management. It begins by introducing the speaker and their background. It then discusses how most organizations are unprepared to deal with security incidents due to a lack of log management. It emphasizes the need for visibility into systems and integrating multiple log sources. It outlines technical, economic, and legal challenges around log collection, normalization, storage, search, reporting, and correlation. Finally, it discusses various open source and free log management tools that can be used to build out log monitoring capabilities.

All your logs are belong to you!

Security BSides London

BSidesLondon 20th April 2011 - Xavier Mertens (@xme) ======================== Your IT infrastructure generates thousands(millions?) of events a day. They are stored in several places under multiple forms and contain a lot of very interesting information. Using free tools, This presentation will give you some ideas how to properly manage this continuous flow of information and how to make them more valuable. for more about Xavier http://blog.rootshell.be

Logging, Metrics, and APM: The Operations Trifecta

Elasticsearch

Elastic Security Brochure

Joseph DeFever

Elastic Security provides security teams with a unified platform to prevent, detect, and respond to cyber threats at scale. It allows teams to search across petabytes of data in seconds, gain visibility across cloud, network, and endpoint data through one-click integrations, and accelerate investigations and incident response through built-in case management and collaboration tools. Elastic Security offers capabilities for threat prevention and detection, hunting and investigation, continuous monitoring, and analytics on large volumes of security data.

Elastic Security : Protéger son entreprise avec la Suite Elastic

Elasticsearch

Elastic Security provides unified protection built on the Elastic Stack. It aims to stop threats at scale, eliminate blind spots, and arm every analyst. Features include new modules for collecting data from Office 365 and Okta, CEF module support for Check Point, streaming logs to Logstash, and direct ML integration. Elastic Security is intended to be an out-of-the-box solution that provides prevention, detection, and response capabilities for security analysts everywhere using free and open source tools.

Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness

Toni de la Fuente

This document provides an overview of digital forensics and security in the cloud. It discusses common attacks such as access key compromise and misconfigured services. It also outlines an incident response workflow and tools that can be used to acquire evidence from AWS resources like EC2 instances, S3 buckets, and RDS databases. Finally, it discusses hardening strategies like using immutable infrastructure and auditing tools like Prowler to assess security configurations.

Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit

Amazon Web Services

Open Distro for Elasticsearch is a 100% open-source distribution of Elasticsearch, the popular search and analytics engine. In this session, we explore its many new advanced features—previously available only in commercial software—including encryption in transit, role-based access control (RBAC), event monitoring and alerting, SQL support, cluster diagnostics, and more. We also show you how you can join the Open Distro for Elasticsearch community to accelerate open innovation for Elasticsearch.

Présentation ELK/SIEM et démo Wazuh

Aurélie Henriot

Why Elastic? @ 50th Vinitaly 2016

Christoph Wurm

Monitor all the cloud things - security monitoring for everyone

Duncan Godfrey

The document provides an introduction to security monitoring in cloud services. It discusses how to monitor cloud services by collecting logs through APIs and storing them in platforms like Splunk or Elastic Stack. It recommends analyzing the collected data to create security events, taking action like sending alerts, and having processes for tuning and triage. Opportunities in security monitoring include making it accessible for everyone and contributing to open source projects.

ThroughTheLookingGlass_EffectiveObservability.pptx

Grace Jansen

Our cloud-native environments are more complex than ever before! So how can we ensure that the applications we’re deploying to them are behaving as we intended them to? This is where effective observability is crucial. It enables us to monitor our applications in real-time and analyse and diagnose their behaviour in the cloud. However, until recently, we were lacking the standardization to ensure our observability solutions were applicable across different platforms and technologies. In this session, we’ll delve into what effective observability really means, exploring open source technologies and specifications, like OpenTelemetry, that can help us to achieve this while ensuring our applications remain flexible and portable.

ELK Solutions Enablement Session - 17th March'2020

Ashnikbiz

4aa5 3404

Bloombase

Automate threat detections and avoid false positives

Elasticsearch

ELK stack introduction

abenyeung1

The document provides an introduction to the ELK stack for log analysis and visualization. It discusses why large data tools are needed for network traffic and log analysis. It then describes the components of the ELK stack - Elasticsearch for storage and search, Logstash for data collection and parsing, and Kibana for visualization. Several use cases are presented, including how Cisco and Yale use the ELK stack for security monitoring and analyzing biomedical research data.

Similar to How Elastic Security Meets SOC Needs (20)

Oscar Cabanillas - Elastic - OSL19

AWS October Webinar Series - Introducing Amazon Elasticsearch Service

Obtén visibilidad completa y encuentra problemas de seguridad ocultos

Examining OpenData with a Search Index using Elasticsearch

Openstack security presentation 2013

All Your Security Events Are Belong to ... You!

All your logs are belong to you!

Logging, Metrics, and APM: The Operations Trifecta

Elastic Security Brochure

Elastic Security : Protéger son entreprise avec la Suite Elastic

Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness

Introducing Open Distro for Elasticsearch - ADB201 - New York AWS Summit

Présentation ELK/SIEM et démo Wazuh

Why Elastic? @ 50th Vinitaly 2016

Monitor all the cloud things - security monitoring for everyone

ThroughTheLookingGlass_EffectiveObservability.pptx

ELK Solutions Enablement Session - 17th March'2020

4aa5 3404

Automate threat detections and avoid false positives

ELK stack introduction

More from Anna Ossowski

Load testing Elasticsearch with Gatling

Anna Ossowski

The document summarizes a presentation about load testing Elasticsearch with Gatling. The presentation introduces Gatling as an open-source tool for continuous load testing that integrates with development pipelines. It recommends testing Elasticsearch under different conditions by changing one variable at a time, such as shard size or count. The presentation demonstrates Gatling through a demo and provides tips for effective load testing, including automating and repeating tests as well as cross-referencing results with Kibana.

Elastic Morocco Meetup Nov 2020

Anna Ossowski

This document summarizes a presentation on unifying logs, metrics, and distributed traces with the Elastic suite in a DevOps environment. The presentation introduces Elastic Stack and Elastic Observability, demonstrates log generation in the ECS format, and instrumenting code with Elastic APM using a React and Spring Boot demo. It also discusses the Elastic Contributor Program and provides examples of configuring the Elastic APM and RUM agents.

Elastic stockholm-meetup

Anna Ossowski

This document discusses using supervised machine learning models in the Elastic Stack to detect domain generation algorithms (DGAs) in network data. It covers training and evaluating classification models on n-gram features extracted from domain strings using Painless scripts. It also demonstrates an end-to-end pipeline for detecting DGA domains in Packetbeat data in real-time by generating n-gram features, running inference on a trained model, and using anomaly detection on the predicted labels to reduce false positives.

Elastic Morocco user group meetup June

Anna Ossowski

Elastic Morocco user group meetup July

Anna Ossowski

The document summarizes an Elastic Morocco Users Group meetup. The meetup agenda included discussions on digital transformation with a focus on data, an overview of the Elastic Stack, and how the Elastic Stack can support DevSecOps. The Elastic Stack was described as including Elasticsearch, Kibana, Beats, and Logstash for storing, searching, analyzing, visualizing, and managing data in real-time from various sources. Examples of how the Elastic Stack supports metrics, APM, logs, observability, security, and SIEM use cases were also provided. The meetup concluded with a question and answer session.

Visualise Covid-19 Data Using the Elastic Stack

Anna Ossowski

Rado Ondáš gave a presentation on visualizing Covid-19 data from Slovakia using the Elastic Stack. He began with an overview of the data source and architecture, including ingesting CSV data into Elasticsearch using Logstash. He then demonstrated setting up geospatial data in Elasticsearch using GDAL and importing visualizations and a dashboard into Kibana. Attendees were invited to ask questions during the Q&A portion and provide feedback in a post-meeting survey.

Tworzenie wyszukiwarek w elastic search

Anna Ossowski

Elastic stack upgrade

Anna Ossowski

This document discusses upgrading an Elastic Stack cluster from versions 6.4.6 to 6.8 and 7.x. It provides details on upgrading Elasticsearch, Kibana, Logstash, and Beats individually. It warns to back up data before upgrading and check for any breaking changes. The document also lists some potential problems encountered like mapping errors and permission issues, and provides guidance on troubleshooting and resources for assistance.

Elastic South Africa Meetup September 2020

Anna Ossowski

Elastic South Africa Meetup July 2020

Anna Ossowski

The document summarizes a meetup agenda for discussing updates to Elastic Stack versions 7.7 and 7.8, as well as topics on managing shards and index lifecycles. The agenda includes recaps of significant updates in 7.7 and 7.8 such as new integrations, observability features, and security enhancements. It also previews discussions on preventing oversharding, terminology related to shards and indexes, and demonstrations of index lifecycle management and snapshot lifecycle management.

Elastic South Africa Meetup June 2020

Anna Ossowski

Elastic South Africa Meetup April 2020

Anna Ossowski

[Virtual Meetup] Using Elasticsearch as a Time-Series Database in the Endpoin...

Anna Ossowski

Elasticsearch is used as a time series database to store historical data from ThousandEyes' Endpoint Agent. It was chosen over other options like MongoDB and InfluxDB for its ability to scale horizontally, create complex reports, and answer unexpected questions. The architecture involves ingesting data from agents into Kafka and then using Elasticsearch connectors to load it into Elasticsearch. Various applications then query Elasticsearch to power dashboards and analytics. Lessons learned include having separate clusters per product and using filters before aggregations to improve query performance. Future plans include scaling the cluster and evaluating routing to co-locate related data.

Tracking and visualizing COVID-19 with Elastic stack

Anna Ossowski

This document summarizes Julie Zhong's presentation on tracking and visualizing COVID-19 data with the Elastic Stack. The presentation covered: 1. Using Elastic Cloud Enterprise to deploy and manage Elasticsearch clusters for indexing COVID-19 case data. 2. Indexing and ingesting COVID-19 case data from various sources into Elasticsearch using Logstash, the Kibana machine learning app, and APIs. 3. Performing searches, aggregations, and visualizations on the COVID-19 data in Kibana to analyze and discover trends in the data over time. 4. Creating dashboards in Kibana to visualize metrics and aggregations of the COVID-19 data.

More from Anna Ossowski (14)

Load testing Elasticsearch with Gatling

Elastic Morocco Meetup Nov 2020

Elastic stockholm-meetup

Elastic Morocco user group meetup June

Elastic Morocco user group meetup July

Visualise Covid-19 Data Using the Elastic Stack

Tworzenie wyszukiwarek w elastic search

Elastic stack upgrade

Elastic South Africa Meetup September 2020

Elastic South Africa Meetup July 2020

Elastic South Africa Meetup June 2020

Elastic South Africa Meetup April 2020

[Virtual Meetup] Using Elasticsearch as a Time-Series Database in the Endpoin...

Tracking and visualizing COVID-19 with Elastic stack

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Data structures and Algorithms in Python.pdf

TIPNGVN2

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

RESUME BUILDER APPLICATION Project for students

KAMESHS29

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Speck&Tech

ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune. Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile. BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Mind map of terminologies used in context of Generative AI

Kumud Singh

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/ Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit. In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing. van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.

How to use Firebase Data Connect For Flutter

Daiki Mogmet Ito

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

Data structures and Algorithms in Python.pdf

How to Get CNIC Information System with Paksim Ga.pptx

National Security Agency - NSA mobile device best practices

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

UiPath Test Automation using UiPath Test Suite series, part 5

20240609 QFM020 Irresponsible AI Reading List May 2024

RESUME BUILDER APPLICATION Project for students

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

20240607 QFM018 Elixir Reading List May 2024

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Climate Impact of Software Testing at Nordic Testing Days

Essentials of Automations: The Art of Triggers and Actions in FME

Mind map of terminologies used in context of Generative AI

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Securing your Kubernetes cluster_ a step-by-step guide to success !

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

How to use Firebase Data Connect For Flutter

How Elastic Security Meets SOC Needs

1. 04 February 2021 @ 16:00 UTC+1 Elastic Morocco User Group How Elastic Security Meets SOC Needs Hamza OUADIÂ Cyber Security Analyst

3. Store, Search, & Analyze Visualize & Manage Ingest Elastic Stack Kibana Elasticsearch Beats Logstash Elastic Stack Reliably and securely take data from any source, in any format, then search, analyze, and visualize it in real time.

4. Elastic est une société de recherche Nous mettons l'accent sur la valeur pour les utilisateurs en produisant des résultats rapides qui fonctionnent à grande échelle et qui sont pertinents. C'est notre ADN. Nous pensons que la recherche est une expérience. C'est ce qui nous définit et nous rend uniques Vitesse, Scalabilité, Pertinence

5. 3 Solutions Elastic Enterprise Search (Recherche en entreprise) Elastic Security (Sécurité à 360°) Elastic Observability (Observabilité à 360°)

6. Endpoint SIEM How Elastic Security Meets SOC Needs

7. Agenda Introduction Data Integration Data Processing Data Analytics 1 2 3 4 Demo : Elastic Security 5 Questions & Answers 6

8. SOC : Security Operations Center Introduction Image Source : https://bit.ly/3ac9lyK

9. SOC : Security Operations Center Introduction SIEM Logs Logs Logs Analyst

10. Event Lifecycle Introduction Data Integration Data Processing Data Analytics

11. Data Integration

12. Host & Network Telemetry Data Integrations

13. Network Data Packetbeat : • Flows • DNS • TLS • HTTP Filebeat : • IDS/IPS/NMS modules: Zeek NMS, Suricata IDS • NetFlow, CEF • Firewall modules: Cisco ASA, FTD, Palo Alto Networks, Ubiquiti IPTables • Kubernetes modules: CoreDNS, Envoy proxy • Google VPC flow logs, PubSub Input elastic.co/integrations

14. Host Data Winlogbeat : • Windows event logs • Sysmon • PowerShell Filebeat : • System logs (auth logs) (Linux) • Multiline Event logs Auditbeat : • System module (Linux, macOS, Win.): packages, processes, logins, sockets, users and groups • Auditd module (Linux Kernel Audit info) • File integrity monitoring (Linux, macOS, Win.) Elastic Agent : • One agent for all: logs, metrics and security • 1-click integrations with Fleet • Detection & Response

15. Custom Data Community Beats : • Community driven Beats agents

16. Data Processing “If I had nine hours to chop down a tree, I’d spend the first six sharpening my ax.” – Abraham Lincoln

17. Event Normalization Elastic Common Schema (ECS) Data Processing Benefits • Correlate data from different sources • Ability to re-use analysis content • Ability to re-use Elastic-provided content Status • Version v1.7 published : github.com/elastic/ecs • Supported in Beats and APM • Community feedback welcome

18. Event Parsing & Enrichment Data Processing • Input: Syslog, File, TCP/UDP, Beats • Filter: GROK, DNS, TLD, Geo IP, Date, JSON • Output: Elasticsearch, Email

19. Data Analytics

20. Detection Rules Data Analysis • Event-Centric Correlation (KQL Query) • Sequence-Based Correlation (EQL Query) • Threshold-Based Alerting • Indicator-Based Alerting • Machine Learning Jobs

21.

22. Elastic Security Detection, Prevention and Response for Unified Protection

23. Endpoint + SIEM Elastic Security +

24. DEMO Elastic Security

25. Elastic is a Search Company Search. Observe. Protect. www.elastic.co Thank you | Questions ?

How Elastic Security Meets SOC Needs

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How Elastic Security Meets SOC Needs

Similar to How Elastic Security Meets SOC Needs (20)

More from Anna Ossowski

More from Anna Ossowski (14)

Recently uploaded

Recently uploaded (20)

How Elastic Security Meets SOC Needs