Threat hunting with Elastic APM

•

0 likes•104 views

This document discusses how application performance monitoring (APM) data from the Elastic Stack can be used for threat hunting. It describes how APM data can be combined with machine learning and security information and event management (SIEM) to more easily detect anomalies, pinpoint potential security threats, and reduce mean time to resolution for issues. The document provides examples of how APM metadata can be applied as filters across different Elastic solutions to focus analysis and identifies specific attack models and techniques that can be applied in APM-driven threat hunting rules.

Threat Hunting with APM
Search. Observe. Protect.
Ruben Perez (Sr. Solutions Architect @ Elastic)
May 28, 2020
sled@elastic.co

- Monitor software services and applications in real
time to make it easier to pinpoint and remedy
performance problems, quickly.
- Automatically collect unhandled errors and
exceptions.
- Automatically retrieve basic host-level and agent
speciﬁc metrics.
Application
Performance
Monitoring

Elastic Enterprise Search Elastic SecurityElastic Observability
Kibana
Elasticsearch
Beats Logstash
3 solutions powered by 1 stack
Elastic Stack

Business Deployment Abstract
Applications VMs/Containers
Other DBs,
Services &
Middleware
Orchestration InfrastructureAPM
Metrics
Logs
Uptime
Uptime
APM Metrics
APM Logs
APM
APM
Metrics
Logs
Uptime
Metrics
Logs
Uptime
APM

APM Supported Technologies
RealUserMonitoring

Combine autonomous
monitoring with alerts of
unknown & deﬁned
events.
Correlate ML & Watcher with
APM view from same screen
Reduces the need to toggle between
tabs to generate ML jobs or Watcher
alerts on events of APM monitored
services.
Apply APM metadata as ﬁlters
in diﬀerent solution views
The Elastic solutions all have a variant
view of the dataset, but can share APM
metadata as ﬁlters to cull the view
Event Detection

Decrease MTTR by
sequencing ML and APM
analysis
APM service(s) driving
anomalous event(s)
Observe how ML triggered events are
inﬂuenced by APM services.
Analyze in ML & APM views
ML anomalies can contain a hyperlink to
the APM analysis view of the service(s)
that inﬂuenced the event.
ML + APM
Analysis

Server & service
information can assist in
securing the network
APM Server information can be
shared in SIEM
Leveraging the same dataset as APM,
SIEM can be used to track and identify
potential threats to the business
Tagging can help reduce MTTR
APM data can be tagged for use in the
various Elastic solutions, especially
SIEM, as a ﬁltration mechanism
Highlight unexpected processes
Rogue processes or unauthorized
access requests can be quickly identiﬁed
with APM & SIEM monitoring
Threat Hunting
with APM

APM data can be used by
SIEM to perform signal
detections
Customize signal detection
rules for APM data
Apply target inﬂuencer(s) of the signal
detection leveraging APM metadata
Select any MITRE attack models
to apply to the signal rule
Each MITRE attack model has collection
techniques that can be applied
Schedule the signal for
continued threat hunting
Flexibility to select signal detection
frequency
APM Driven
Threat Hunting
https://www.elastic.co/campaigns/mitre-attack

Show Me Something
Search. Observe. Protect.

SLED Virtual Group
● Are you interested in learning more about Elastic?
● Do you want to represent your community at the next Elastic
Virtual Group?
● Come check out your opportunity to be a leader and have your
voice heard:
○ https://community.elastic.co/state-and-local-government-and-
education-sled-virtual/
At our next Virtual Group, led by Jenny Morris,
we will be learning more about how to
Leverage Elastic machine learning features to
enhance your security posture.

Training Subscriptions
Annual pass
Year-round learning solution for a named
user
Training on the go
Flexible options include live, virtual and
On-Demand training
Immersive learning
Hands-on, solution-based training
Extensive curriculum
Classes span the Elastic Stack with new
content added regularly
Explore all beneﬁts

Elastic Use Cases
Elastic Enterprise Search Elastic SecurityElastic Observability
https://www.elastic.co/customers/

Elastic is a Search Company.
www.elastic.co
Thank you, any questions?
Search. Observe. Protect.

La réussite des initiatives d'observabilité repose souvent sur les équipes de plateformes qui définissent, standardisent et régissent les outils et cadres centralisés. Découvrez comment Elastic Observability aide ces équipes en offrant des fonctionnalités telles que la gestion centralisée pour les agents, la catégorisation automatique des logs (grâce au machine learning), la gestion du cycle de vie des index et la recherche dans les snapshots. Ensemble, nous pouvons vous aider à créer des centres d'excellence et à proposer l'observabilité en tant que service à vos collaborateurs internes.

Get full visibility and find hidden security issues

Elasticsearch

Automate threat detections and avoid false positives

Elasticsearch

Elastic Security provides unified protection built on the Elastic Stack. It aims to stop threats at scale, eliminate blind spots, and arm every analyst. Features include new modules for collecting data from Office 365 and Okta, CEF module support for Check Point, streaming logs to Logstash, and direct ML integration. Elastic Security is intended to be an out-of-the-box solution that provides prevention, detection, and response capabilities for security analysts everywhere using free and open source tools.

Keynote: Elastic Observability evolution and vision

Elasticsearch

Building Elastic into security operations

Elasticsearch

Combining logs, metrics, and traces for unified observability

Elasticsearch

Reinventing enterprise defense with the Elastic Stack

Elasticsearch

Get full visibility and find hidden security issues

Elasticsearch

Keynote: Elastic Security evolution and vision

Elasticsearch

Using Data Science for Cybersecurity

VMware Tanzu

Watch the video: https://content.pivotal.io/webinars/using-data-science-for-cybersecurity Enterprise networks are under constant threat. While perimeter security can help keep some bad actors out, we know from experience that there is no 100%, foolproof way to prevent unwanted intrusions. In many cases, bad actors come from within the enterprise, meaning perimeter security methods are ineffective. Enterprises, therefore, must enhance their cybersecurity efforts to include data science-driven methods for identifying anomalous and potentially nefarious user behavior taking place inside their networks and IT infrastructure. Join Pivotal’s Anirudh Kondaveeti and Jeff Kelly in this live webinar on data science for cybersecurity. You’ll learn how to perform data-science driven anomalous user behavior using a two-stage framework, including using principal components analysis to develop user specific behavioral models. Anirudh and Jeff will also share examples of successful real-world cybersecurity efforts and tips for getting started. About the Speakers: Anirudh Kondaveeti is a Principal Data Scientist at Pivotal with a focus on Cybersecurity and spatio-temporal data mining. He has developed statistical models and machine learning algorithms to detect insider and external threats and "needle-in-the-hay-stack" anomalies in machine generated network data for leading industries. Jeff Kelly is a Principal Product Marketing Manager at Pivotal.

Kubernetes Jakarta Meetup 010 - Service Mesh Observability with Kiali

Yusuf Hadiwinata Sutandar

SplunkLive! Munich 2018: Siemens Security Use Case

Splunk

Democratizing Observability

denise stockman

This document discusses the journey of a technology team in improving their observability and monitoring practices over time. Initially, the team implemented basic monitoring of metrics and logging. However, as the systems grew in complexity, issues arose with deployment speed and unknown problems. The team refocused on empowering developers to own deployments and services. They redesigned their monitoring stack to be more self-service and collaborative. In the end, the team achieved better operational harmony through inclusive planning and ongoing improvements to measuring and observing system behavior.

Microsoft: Enterprise search for cloud native applications

Elasticsearch

Palestra de abertura: Evolução e visão do Elastic Security

Elasticsearch

Real-time analytics in IoT by Sam Vanhoutte (@Building The Future 2019)

Codit

This document discusses real-time data analytics in IoT from edge to cloud. It presents a traffic camera scenario to demonstrate how IoT Edge can be used to transmit camera events to IoT Hub. Time Series Insights enables near real-time data exploration. Stream Analytics is used both in the cloud and on edge for real-time processing. Azure Databricks is used for structured streaming and machine learning. The value of IoT lies in integrating data from edge to cloud through services like IoT Hub, Stream Analytics, and Data Bricks.

Machine Analytics: Correlate Your Logs and Metrics

Sumo Logic

To effectively manage your application, it’s critical to have visibility into both logs and metrics. Metrics can provide app and infrastructure KPI’s, while logs provide context into application and infrastructure execution KPIs. Managing one without the other, provides you with incomplete data; you need both to troubleshoot application issues quickly and efficiently. This webinar will feature a live demo of Sumo Logic’s Unified Logs and Metrics machine data analytics platform and show how to: Natively ingest your logs, host metrics, AWS metrics and Graphite-compatible metrics Proactively set alerts based on logs and metrics thresholds Analyze and correlate logs and metrics in real-time and in a unified way to reduce mean time to problem resolution (MTTR)

Elastic APM : développez vos logs et vos indicateurs pour obtenir une vue com...

Elasticsearch

Pour les organisations modernes, les applications sont souvent l'interface client principale, et influencent directement les résultats tels que le chiffre d'affaires et la fidélisation de la clientèle. Quelle que soit votre progression dans votre parcours vers les solutions cloud natives, Elastic APM peut vous aider à améliorer les expériences clients en détectant plus tôt les goulets d'étranglement des performances et en identifiant plus rapidement les régressions à partir des nouveaux déploiements. Découvrez comment obtenir une vue complète des services qui alimentent vos applications, du front-end au back-end, pour garantir un fonctionnement optimal.

Setting up Sumo Logic - June 2017

Sumo Logic

Webinar: https://www.sumologic.com/online-training/#SettingUpSumo Designed for Administrators, this course shows you how to set up your data collection according to your organization’s data sources. Best practices around deployment options ensure you choose a deployment that scales as your organization grows. Because metadata is so important to a healthy environment, learn how to design and set up a naming convention that works best for your teams. Use Chef, Puppet or the likes? Learn how to automate your deployment. Test your deployment with simple searches, and learn to take advantage of optimization tools that can help you stay on top of your deployment.

Comment transformer vos données en informations exploitables

Elasticsearch

Keynote: Making search better, faster, easier

Elasticsearch

The way we work, shop, and consume content has shifted in 2020. Unsurprisingly, search has become the cornerstone of those activities. Get to know the team behind Elastic Enterprise Search and hear how we’ve taken a different approach to enabling you to deliver new search experiences for your customers and teams. We’ll also show how some of our customers have thrived during the Covid 19 pandemic by leveraging the scalability and flexibility of Enterprise Search on Elastic Cloud. Plus, we’ll take you on a guided tour of the latest innovations and what’s new in our latest releases.

Combining Logs, Metrics, and Traces for Unified Observability

Elasticsearch

Elastic SIEM (Endpoint Security)

Kangaroot

Hacking appliances

Jonathan Suldo

What's hot

Elastic Security : Protéger son entreprise avec la Suite Elastic

Elasticsearch

Keynote: Elastic Observability evolution and vision

Elasticsearch

Building Elastic into security operations

Elasticsearch

Combining logs, metrics, and traces for unified observability

Elasticsearch

Reinventing enterprise defense with the Elastic Stack

Elasticsearch

Get full visibility and find hidden security issues

Elasticsearch

Keynote: Elastic Security evolution and vision

Elasticsearch

Using Data Science for Cybersecurity

VMware Tanzu

Kubernetes Jakarta Meetup 010 - Service Mesh Observability with Kiali

Yusuf Hadiwinata Sutandar

SplunkLive! Munich 2018: Siemens Security Use Case

Splunk

Democratizing Observability

denise stockman

Microsoft: Enterprise search for cloud native applications

Elasticsearch

Palestra de abertura: Evolução e visão do Elastic Security

Elasticsearch

Real-time analytics in IoT by Sam Vanhoutte (@Building The Future 2019)

Codit

Machine Analytics: Correlate Your Logs and Metrics

Sumo Logic

Elastic APM : développez vos logs et vos indicateurs pour obtenir une vue com...

Elasticsearch

Setting up Sumo Logic - June 2017

Sumo Logic

Comment transformer vos données en informations exploitables

Elasticsearch

Keynote: Making search better, faster, easier

Elasticsearch

Combining Logs, Metrics, and Traces for Unified Observability

Elasticsearch

What's hot (20)

Elastic Security : Protéger son entreprise avec la Suite Elastic

Keynote: Elastic Observability evolution and vision

Building Elastic into security operations

Combining logs, metrics, and traces for unified observability

Reinventing enterprise defense with the Elastic Stack

Get full visibility and find hidden security issues

Keynote: Elastic Security evolution and vision

Using Data Science for Cybersecurity

Kubernetes Jakarta Meetup 010 - Service Mesh Observability with Kiali

SplunkLive! Munich 2018: Siemens Security Use Case

Democratizing Observability

Microsoft: Enterprise search for cloud native applications

Palestra de abertura: Evolução e visão do Elastic Security

Real-time analytics in IoT by Sam Vanhoutte (@Building The Future 2019)

Machine Analytics: Correlate Your Logs and Metrics

Elastic APM : développez vos logs et vos indicateurs pour obtenir une vue com...

Setting up Sumo Logic - June 2017

Comment transformer vos données en informations exploitables

Keynote: Making search better, faster, easier

Combining Logs, Metrics, and Traces for Unified Observability

Similar to Threat hunting with Elastic APM

Elastic SIEM (Endpoint Security)

Kangaroot

Hacking appliances

Jonathan Suldo

Operationalizing the IoT with Mtell and Apache Spark

Julius Remigio, CBIP

Operationalizing the IoT with Mtell and Apache Spark Alex Bates, CTO, Mtell The volumes of data generated by sensor networks have eclipsed those generated by social networks according to a recent estimate. This includes the time series data generated by the process control systems, maintenance and lab systems, and observations made by operators and engineers. This tidal wave of data generates both challenges and opportunities in the industrial IoT. Operations and maintenance personnel need to make better decisions about how they operate and maintain equipment, and engineers and stakeholders need to be able to predict more precisely what is occurring or what will happen in the future in continuous, discrete, and batch environments. This session will explore the evolution of descriptive, predictive, and prescriptive analytics, and toolsets incorporating Apache Spark which address the changing needs of industrial process stakeholders. Video Presentation: https://youtu.be/t38Dfkzwxl4

SAST Threat Detection: What you stand to gain from intelligent, SAP real-time...

akquinet enterprise solutions GmbH

Your efforts to protect your SAP systems won't be complete until you have reliable way to keep a constant eye on your transactions and applications. When you detect critical incidents right when they occur, you'll be able take immediate action in response. When you're under attack, your reaction time has a significant impact on the level of damage you can expect. It's not hard to see how a real-time solution like AKQUINET's SAST Security Radar pays for itself in short order. Detecting attacks based on log files and analyzing network traffic requires in-depth knowledge of the potential paths and patterns such incursions can follow. This is because events relevant to security have to be filtered out of a sea of data and placed in the proper context. -------------------------------------------------------------------------------- Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de

Why SureLog?

Ertugrul Akbas

Correlog Overview Presentation

Ameritech Systems Corporation

The SIEM market grew 30% in 2008 and demand remains strong despite difficult economic conditions. However, many companies still struggle to realize benefits from their SIEM solutions. CorreLog provides a SIEM platform that uses real-time event correlation, high-speed indexing, and flexible reporting to help organizations address challenges like prioritizing threats, reducing false positives, and ensuring compliance. CorreLog has over 200 customers globally and its solution integrates with existing management tools while providing a single pane of glass for security visibility.

Overall Security Process Review CISC 6621Agend.docx

karlhennesey

Overall Security Process Review CISC 662 1 Agenda Review of the following technologies and current products: SIEM CASB EDR (Enterprise Detection and Response) NGFW (Next Generation Firewalls) Threat Intelligence Summary of Term SANS Technology Institute - Candidate for Master of Science Degree What is a SIEM? SIEM - Security Information Event Management Logging and Event Aggregation Network (router,switch,firewall,etc) System (Server,workstation,etc) Application (Web, DB ) Correlation Engine 2+ related events = higher alarm (1+1=3) 3 At first glance SIEM's appliances and software look like an event aggregator. While a SIEM has the advantage of aggregating logs what puts them apart from the event aggregator market are the correlation engines. The correlation engines allow the ability to uncover threats/attacks across multiple related events which by themselves would not be a cause for alarm. SIEM 4 What is a SIEM? 5 Security information and event management (SIEM) is the technology that can tie all your systems together and give you a comprehensive view of IT security. IT security is typically a patchwork of technologies – firewalls, intrusion prevention, endpoint protection, threat intelligence and the like – that work together to protect an organization’s network and data from hackers and other threats. Tying all those disparate systems together is another challenge, however, and that’s where SIEM can help. SIEM systems manage and make sense of security logs from all kinds of devices and carry out a range of functions, including spotting threats, preventing breaches before they occur, detecting breaches, and providing forensic information to determine how a security incident occurred as well as its possible impact. Using SIEM How do SIEM Products help the following Security concerns? Countermeasures to detect attempts to infect internal system Identification of infected systems trying to exfiltrate information Mitigation of the impact of infected systems Detection of outbound sensitive information ( DLP) 6 These questions are a core part of a companies overall security architecture. If a SIEM isn't providing answers or solutions to these questions what is it doing? If you aren't using your SIEM to solve issues like these it may just be an expensive log aggregator/collection system sitting in your network collecting dust. SIEM Advantages Correlation of data from multiple systems and from different events detecting security and operational conditions Anomaly detection by using a baseline of events over time to find deviations from expected or normal behavior Comprehensive view into an environment based on event types, protocols, log sources, etc APT (advanced persistent threat) protection through detection of protocol and application anomalies Prioritization based on risk of threat to assets, staff can triage the most vulnerable targets Alerting and monitoring on events of interest to escalate pri ...

McAfee - Enterprise Security Manager (ESM) - SIEM

Iftikhar Ali Iqbal

The presentation provides the following: - McAfee Company Overview - McAfee Strategy - McAfee Security Operations Overview - Security Operations Challenges - ESM Overview - ESM Components - ESM Architecture - ESM Architecture - Large Customer Sample - ESM Integrations - ESM Use Cases - Sample - ESM Incident Scenario - Sample - ESM - Security Operations Please note all the information is based prior to Jan 2020.

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning

Symantec

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

ijtsrd

Autonomic cloud emerge as a result of emerging four properties of autonomic computing in cloud that are self-healing, self-monitoring, self-repairing and self-optimization We have defined a methodology to improve the security in cloud computing and also defined a methodology that can ensure the autonomic management in autonomic cloud computing We have selected 1 of the 7 properties of the autonomic cloud computing that is autonomic management Our main focus is on the security enhancement and avoidance of cloud intrusion in autonomic cloud computing Bilal Hussain CH "Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18378.pdf

Gartner_Critical Capabilities for SIEM 9.21.15

Jay Steidle

The document discusses security information and event management (SIEM) technologies and provides recommendations for choosing a SIEM solution. It analyzes several SIEM vendors based on critical capabilities for three common use cases: threat management, compliance, and SIEM. Vendors are rated on capabilities like real-time monitoring, threat intelligence, analytics, and log management. The document recommends forming cross-functional teams to define requirements, developing multi-year roadmaps, and selecting a solution that matches organizational needs and capabilities.

New enterprise application and data security challenges and solutions apr 2...

Ulf Mattsson

Ulf Mattsson presented on new enterprise application and data security challenges and solutions. He discussed how 20% of organizations are expected to budget for quantum computing projects by 2023 compared to less than 1% currently. He also summarized that web application security is needed based on Verizon's 2018 breach report showing many breaches originate from applications. Finally, he emphasized the importance of integrating security into the application development process from the beginning using approaches like SecDevOps and DevSecOps.

Reveelium Smart Predictive Analytics - Datasheet EN

ITrust - Cybersecurity as a Service

Machine Learning as service

Nihal Mehdi

This document summarizes the typical layers of a machine learning application: the store layer collects and stores data from various sources in a big data store; the model layer uses machine learning algorithms to analyze the data, develop models for prediction, and test the models; the service layer exposes the models as APIs for external applications to consume and make predictions with new data.

Changing the Security Monitoring Status Quo

EMC

Gartner market guide ai ops platforms

Rajeev Mohal

The document summarizes a Gartner report on AIOps platforms. It finds that while AIOps platforms are growing in use for functions like event correlation and anomaly detection, their application to functions like IT service management and DevOps is progressing more slowly. It recommends that organizations adopt AIOps platforms to augment monitoring tools, address specific use cases, support task automation and knowledge management, and enable continuous insights across IT operations management. The market for AIOps platforms is estimated to be between $300-500 million annually and is driven by the need to analyze growing data volumes, varieties, and velocities from digital transformation.

Sourcefire Webinar - NEW GENERATION IPS

mmiznoni

LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

rver21

LTS Secure SIEM is a security information and event management technology that provides real-time analysis of security alerts from networks and applications. It monitors security data and generates compliance reports. Key purposes of SIEM include effectively responding to security threats and conducting continuous monitoring and analysis of network events. LTS Secure SIEM provides automated, round-the-clock monitoring of networks to help organizations find cyberattack patterns, filter data, and protect IT assets and data.

Siem ppt

kmehul

Web-Based Online Embedded Security System And Alertness Via Social Media

IRJET Journal

This document describes a proposed web-based online embedded security system and alertness via social media. The system uses a Raspberry Pi kit with a hidden Markov model algorithm to analyze frames from a web camera monitoring a bank. It detects changes and object movement to identify intruders. If an intruder is detected, alerts are sent via WhatsApp to the bank manager and police for security purposes. The system aims to provide improved bank security over existing CCTV systems by more quickly detecting intruders before they can steal money.

Similar to Threat hunting with Elastic APM (20)

Elastic SIEM (Endpoint Security)

Hacking appliances

Operationalizing the IoT with Mtell and Apache Spark

SAST Threat Detection: What you stand to gain from intelligent, SAP real-time...

Why SureLog?

Correlog Overview Presentation

Overall Security Process Review CISC 6621Agend.docx

McAfee - Enterprise Security Manager (ESM) - SIEM

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning

Cloud Intrusion and Autonomic Management in Autonomic Cloud Computing

Gartner_Critical Capabilities for SIEM 9.21.15

New enterprise application and data security challenges and solutions apr 2...

Reveelium Smart Predictive Analytics - Datasheet EN

Machine Learning as service

Changing the Security Monitoring Status Quo

Gartner market guide ai ops platforms

Sourcefire Webinar - NEW GENERATION IPS

LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

Siem ppt

Web-Based Online Embedded Security System And Alertness Via Social Media

More from FaithWestdorp

Using Elastiknn for exact and approximate nearest neighbor search

FaithWestdorp

Elastiknn (https://elastiknn.com/) is an open-source Elasticsearch plugin for exact and approximate nearest neighbor search. Methods like word2vec and neural nets can convert various data modalities (text, images, users, items, etc.) into numerical vectors (i.e., embeddings), enabling data scientists and engineers to use nearest neighbor queries to search for semantically similar data (e.g., similar documents, images, users, etc.). Elasticsearch is a ubiquitous search solution, but its support for vector search is still evolving. Elastiknn fills the gap by bringing efficient exact and approximate vector search to Elasticsearch. This enables an enhanced search experience by combining traditional queries (e.g., products matching <some text query>) with nearest neighbor search queries (e.g., products with images similar to <a user-provided image>). In this talk, Alex will present the features of Elastiknn, some example use-cases, and a few of the interesting engineering challenges in building it.

Observability from the Home

FaithWestdorp

Elasticsearch Goes to Congress

FaithWestdorp

Learn how Congress is starting to use Elasticsearch to modernize search, and how you can help to accelerate this change. Until just a decade ago, some of the most important precedents of Congress were stored and indexed on paper cards. This system was replaced by a slow, clunky SQL search and there was initially resistance when Xcential proposed to convert this to Elasticsearch (v1.7.2), because lawyers feared that ‘relevance’-based search would be less precise. With accurate results, 50 times faster, users were won over. Now there is a potential to use modern search, not only for precedents, but throughout the work of Congress and in state legislatures as well. We’ll talk about some of these projects, and how you could get involved (we’re hiring!).

Eliminate your zombie technology ray myers - 11-5-2020

FaithWestdorp

Announcing the open source release of Zombie Technology Elimination Project (ZTEP), gamifying the retirement of deprecated tech, powered by Elasticsearch! Model the progress of a code migration effort as zombies that are still left to defeat! Support a culture of recognition by publicly celebrating the contributions of Zombie Hunters (code migrators) by awarding points and featuring them on the Hunter Heroes Leaderboard. Inspired by the original ZTEP project by Mike Finney (@FinneyCanHelp) and others at Carfax: https://www.gamification.co/2013/09/11/gamifying-the-destruction-of-zombie-technology Based on the behavioral science of Octalysis gamification framework: https://yukaichou.com/gamification-examples/octalysis-complete-gamification-framework/

Mejorando las busquedas en nuestras aplicaciones web con elasticsearch

FaithWestdorp

Evolving with Elastic: GetSet Learning

FaithWestdorp

Elasticsearch enabled productive collaboration between product and engineering teams at GetSet Learning. It allowed them to quickly prototype and build key features like recommended tags, feeds, and products. Some lessons learned were that Elasticsearch provided a unified search framework, tools for syncing processes between teams, and hosted services through Elastic Cloud. These factors facilitated efficient collaboration between teams.

EmPOW: Integrating Attack Behavior Intelligence into Logstash Plugins

FaithWestdorp

This document discusses integrating MITRE ATT&CK intelligence into Logstash plugins to provide security analysts with more context about threats. It covers writing plugins to extract relevant data from logs and map detections to MITRE tactics and techniques. When data is missing, the plugin uses other intelligence sources to infer classifications. The document demonstrates connecting Logstash pipelines to leverage parsing and enrichment, and shows tools for viewing and debugging pipeline configurations.

Examining OpenData with a Search Index using Elasticsearch

FaithWestdorp

Elastic is a search company that provides three main solutions - Elastic Enterprise Search, Elastic Security, and Elastic Observability. It has employees in over 40 countries and is a public company listed on the NYSE. Elastic focuses on fast, scalable search capabilities that are relevant to users. It provides unified visibility for logs, metrics and application performance monitoring. Elastic Security integrates endpoint protection and security information and event management. All solutions are powered by the Elastic Stack which allows ingestion, storage, search and analysis of data from any source.

From the trenches: scaling a large log management deployment

FaithWestdorp

This document discusses the deployment of Elastic Cloud Enterprise (ECE) for a large log management project. It summarizes the client's requirements of 120,000 events per second with 30-day retention across 500TB of logs from various sources. It then describes the ECE implementation using the client's existing hardware, including setting up availability zones, clusters, and determining storage density. It also covers shard sizing testing, Logstash architecture for ingesting from Kafka, and tuning Logstash for optimal ingestion performance.

Logstash and Maxmind: not just for GEOIP anymore

FaithWestdorp

Elasticsearch's aggregations & esctl in action or how i built a cli tool...

FaithWestdorp

Searching for NLP: Using Elasticsearch to Create MVPs of NLP-enabled User Ex...

FaithWestdorp

The document discusses improving natural language processing (NLP) for information retrieval. It notes the challenge of connecting users to relevant information and outlines some approaches to improve search, including focusing on fundamentals like query segmentation, using various tools like facets to provide additional options, and starting simply to address discrete use cases before expanding capabilities. The goal is to better understand users through an iterative process of learning from their experiences.

Introduction to machine learning using Elastic

FaithWestdorp

This document summarizes an Elastic webinar on machine learning in Elastic Search. It introduces the speakers and provides an overview of Elastic's machine learning capabilities including anomaly detection, time series analysis, and forecasting. It also demonstrates anomaly detection and discusses how machine learning can be used for tasks like language identification, fraud detection, and user classification. The webinar explores both unsupervised and supervised machine learning techniques and how ML can help with search relevance, observability, and security use cases.

Upgrade your attack model: finding and stopping fileless attacks with MITRE A...

FaithWestdorp

Patrick Tierney gave a presentation about using the MITRE ATT&CK framework to model attacks and evaluate security defenses. He discussed how attack models have evolved over time from earlier models to the current MITRE ATT&CK framework, which captures over 300 attacker techniques. Tierney demonstrated how to map a hypothetical in-memory attack using Cobalt Strike to specific techniques in the MITRE ATT&CK matrix. He recommended that Atomic Red Team and AttackIQ can be used to test defenses against MITRE ATT&CK techniques.

Elastic Observability

FaithWestdorp

George Kobar, a community advocate for Capgemini, shared information on observability at a Meetup for New Application Development. The document defines observability as the combination of monitoring, metrics, and logging. It presents a typical observability stack that collects data from various sources to provide visibility for development, operations, and business teams through tools that analyze application performance, uptime, logs, metrics, and business KPIs. The stack advocates an elastic approach to storing all operational data together in Elasticsearch for unified access and analysis.

Guide to Data Visualization in Kibana

FaithWestdorp

This document provides an overview of data visualization in Kibana, including the types of visualizations and tools available. It discusses exploratory visualization for discovering patterns in unknown data, explanatory visualization for presenting findings to others, and operational visualization for monitoring systems. Some example tools in Kibana are listed for each type. The document concludes with a demo of visualizing an open NYC squirrel census dataset to illustrate exploratory, explanatory, and operational uses of Kibana.

Elastic's recommendation on keeping services up and running with real-time vi...

FaithWestdorp

Esctl in action elastic user group presentation aug 25 2020

FaithWestdorp

Bio: Jeff Moore is a Systems Engineer at Bandwidth with a focus on administering and extending Kubernetes, AWS, and the Elastic Stack to support internal customer use-cases. Originally a die-hard Kubernetes fan, his passions have now also extended to the Elastic Stack due to insights of the amazing things that can be done with well-architected data. He has lived in Raleigh for most of his life and currently has a love/hate relationship with the factory automation game Factorio. Jeff is a Certified Kubernetes Administrator with plans to complete the Elastic Certified Engineer exam. Abstract: In this talk, Jeff will talk about how he designed a command-line tool built on the go-elasticsearch project - making interactions with the elasticsearch APIs much easier. He will also go into the inspirations of the project, lessons learned, and future work.

More from FaithWestdorp (18)

Using Elastiknn for exact and approximate nearest neighbor search

Observability from the Home

Elasticsearch Goes to Congress

Eliminate your zombie technology ray myers - 11-5-2020

Mejorando las busquedas en nuestras aplicaciones web con elasticsearch

Evolving with Elastic: GetSet Learning

EmPOW: Integrating Attack Behavior Intelligence into Logstash Plugins

Examining OpenData with a Search Index using Elasticsearch

From the trenches: scaling a large log management deployment

Logstash and Maxmind: not just for GEOIP anymore

Elasticsearch's aggregations & esctl in action or how i built a cli tool...

Searching for NLP: Using Elasticsearch to Create MVPs of NLP-enabled User Ex...

Introduction to machine learning using Elastic

Upgrade your attack model: finding and stopping fileless attacks with MITRE A...

Elastic Observability

Guide to Data Visualization in Kibana

Elastic's recommendation on keeping services up and running with real-time vi...

Esctl in action elastic user group presentation aug 25 2020

Recently uploaded

WeTestAthens: Postman's AI & Automation Techniques

Postman

AWS Cloud Cost Optimization Presentation.pptx

HarisZaheer8

This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

GraphRAG for Life Science to increase LLM accuracy

Tomaz Bratanic

Columbus Data & Analytics Wednesdays - June 2024

Jason Packer

Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr

saastr

Finale of the Year: Apply for Next One!

GDSC PJATK

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

Tatiana Kojar

Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI. With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Chart Kalyan

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Operating System Used by Users in day-to-day life.pptx

Pravash Chandra Das

Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes. Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions. Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻 The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️ Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution. The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟

Trusted Execution Environment for Decentralized Process Mining

LucaBarbaro3

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

Serial Arm Control in Real Time Presentation

tolgahangng

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on integration of Salesforce with Bonterra Impact Management. Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Best 20 SEO Techniques To Improve Website Visibility In SERP

Pixlogix Infotech

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Main news related to the CCS TSI 2023 (2023/1695)

Jakub Marek

An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers. The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 . The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .

Recently uploaded (20)

WeTestAthens: Postman's AI & Automation Techniques

AWS Cloud Cost Optimization Presentation.pptx

Skybuffer SAM4U tool for SAP license adoption

GraphRAG for Life Science to increase LLM accuracy

Columbus Data & Analytics Wednesdays - June 2024

Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr

Finale of the Year: Apply for Next One!

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Operating System Used by Users in day-to-day life.pptx

Trusted Execution Environment for Decentralized Process Mining

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Presentation of the OECD Artificial Intelligence Review of Germany

Serial Arm Control in Real Time Presentation

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Best 20 SEO Techniques To Improve Website Visibility In SERP

Introduction of Cybersecurity with OSS at Code Europe 2024

Main news related to the CCS TSI 2023 (2023/1695)

Threat hunting with Elastic APM

1. Threat Hunting with APM Search. Observe. Protect. Ruben Perez (Sr. Solutions Architect @ Elastic) May 28, 2020 sled@elastic.co

2. Distributed Workforce, the New Norm

3. - Monitor software services and applications in real time to make it easier to pinpoint and remedy performance problems, quickly. - Automatically collect unhandled errors and exceptions. - Automatically retrieve basic host-level and agent speciﬁc metrics. Application Performance Monitoring

4. Elastic Enterprise Search Elastic SecurityElastic Observability Kibana Elasticsearch Beats Logstash 3 solutions powered by 1 stack Elastic Stack

5. Business Deployment Abstract Applications VMs/Containers Other DBs, Services & Middleware Orchestration InfrastructureAPM Metrics Logs Uptime Uptime APM Metrics APM Logs APM APM Metrics Logs Uptime Metrics Logs Uptime APM

6. APM Supported Technologies RealUserMonitoring

7. Combine autonomous monitoring with alerts of unknown & defined events. Correlate ML & Watcher with APM view from same screen Reduces the need to toggle between tabs to generate ML jobs or Watcher alerts on events of APM monitored services. Apply APM metadata as filters in different solution views The Elastic solutions all have a variant view of the dataset, but can share APM metadata as filters to cull the view Event Detection

8. Decrease MTTR by sequencing ML and APM analysis APM service(s) driving anomalous event(s) Observe how ML triggered events are inﬂuenced by APM services. Analyze in ML & APM views ML anomalies can contain a hyperlink to the APM analysis view of the service(s) that inﬂuenced the event. ML + APM Analysis

9. Server & service information can assist in securing the network APM Server information can be shared in SIEM Leveraging the same dataset as APM, SIEM can be used to track and identify potential threats to the business Tagging can help reduce MTTR APM data can be tagged for use in the various Elastic solutions, especially SIEM, as a ﬁltration mechanism Highlight unexpected processes Rogue processes or unauthorized access requests can be quickly identiﬁed with APM & SIEM monitoring Threat Hunting with APM

10. APM data can be used by SIEM to perform signal detections Customize signal detection rules for APM data Apply target inﬂuencer(s) of the signal detection leveraging APM metadata Select any MITRE attack models to apply to the signal rule Each MITRE attack model has collection techniques that can be applied Schedule the signal for continued threat hunting Flexibility to select signal detection frequency APM Driven Threat Hunting https://www.elastic.co/campaigns/mitre-attack

11. Show Me Something Search. Observe. Protect.

12. SLED Virtual Group ● Are you interested in learning more about Elastic? ● Do you want to represent your community at the next Elastic Virtual Group? ● Come check out your opportunity to be a leader and have your voice heard: ○ https://community.elastic.co/state-and-local-government-and- education-sled-virtual/ At our next Virtual Group, led by Jenny Morris, we will be learning more about how to Leverage Elastic machine learning features to enhance your security posture.

13. Training Subscriptions Annual pass Year-round learning solution for a named user Training on the go Flexible options include live, virtual and On-Demand training Immersive learning Hands-on, solution-based training Extensive curriculum Classes span the Elastic Stack with new content added regularly Explore all beneﬁts

14. Elastic Use Cases Elastic Enterprise Search Elastic SecurityElastic Observability https://www.elastic.co/customers/

15. Elastic is a Search Company. www.elastic.co Thank you, any questions? Search. Observe. Protect.

Threat hunting with Elastic APM

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Threat hunting with Elastic APM

Similar to Threat hunting with Elastic APM (20)

More from FaithWestdorp

More from FaithWestdorp (18)

Recently uploaded

Recently uploaded (20)

Threat hunting with Elastic APM