SlideShare a Scribd company logo

University of Oxford: building a next generation SIEM

Elasticsearch
Elasticsearch

The University of Oxford’s Cyber Security Incident Response developed an in-house, next generation SIEM. Discover this system's capabilities, lessons learned, and why the Elastic Stack was chosen for its core. See the video: https://www.elastic.co/elasticon/tour/2019/london/oxford-university-building-a-next-generation-siem

Technology
1 of 41
1 Kristian Kocher, Security Big Data Lead
 Marko Jung, Global Head of Information Security Operations University of Oxford CERT 22nd October 2019 Building a next generation SIEM
OXFORD RESEARCHERS ARE MAJOR CONTRIBUTORS TO THE GLOBAL RESPONSE TO THE ZIKA EPIDEMIC Oxford Research •Oxford employs over 13,900 people, of which 7,260 are academics, researchers or teachers (56%). •According to the 2014 Research Excellence Framework, the latest official UK-wide assessment of all university research, Oxford has the largest volume of world-leading research in the country. •5% of all the UK’s graduate research students are studying at the University of Oxford.
OXFORD STUDENTS CELEBRATING AT RADCLIFFE CAMERA SQUARE AFTER THEIR FINAL EXAMS. Oxford Education •Oxford was ranked first in the world in the Times 
 Higher Education (THE) World University Rankings 
 for 2017, 2018, 2019, and 2020. •Nearly 24,000 students (11,747 UG, 11,687 PG) •Oxford is very competitive: around 21,500 people applied for around 3,300 undergraduate places for 
 entry in 2018. •Oxford offers more than 300 different graduate 
 degree programmes. •43% of our total student body – almost 10,000 students – are citizens of foreign countries. Students come to Oxford from over 150 countries and territories.
• Highly federated environment with 800 members of IT staff across over 110 units, plus 44 Colleges and Permanent Private Halls. • Units operate largely independently • Oxford operates one of the largest private networks in the country with • ~100,000 registered devices • redundant 40GBit/s Internet uplink Oxford 
 Information Technology
Oxford Cyber Security •2019 marks the 25th anniversary of OxCERT. •17 security experts split across two teams cover all five functions: identify, protect, detect, respond, and recover. •Offering services to the collegiate University similar to a managed security services provider. •Collaboration with cyber security researchers. •Deeply integrated in the international 
 security community.
Our Elastic Stack Story Proof of concept using Elasticsearch 1.5.1 Open Source 20192018201720162015 SAVANT – first production service using Elasticsearch 2.3 Upgrade to Elasticsearch 5.5.3
 Development subscription
 SearchGuard
 Hardware refresh Upgrades to Elasticsearch 6.x 
 Gold subscription
 More hardware Upgrade to Elasticsearch 7.2.x
 Platinum subscription
 Elastic Security
 Even more shiny kit
Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Data Generation & Collection Queue Processing &
 Enrichment Elastic Cluster Architecture Queue
 (2 locations)
Get a Handle on Your Data Just collecting all possible logs, events, and alarms does not help making sense out of them! • NTP time source, UTC based logging, and ISO 8601 date • Normalise your data during ingest, e.g.
 2001:420:1101:1::A vs 
 2001:420:1101:1:0:0:0:a (abbreviations and capitalisation) • Enrich with fresh metadata at ingest to capture situational context • Keep all the facts – or are you worried about the cost of storage? • Use a consistent schema...
Elastic Common Schema •Open Source specification for •a common set of fields •field groupings •naming conventions for custom fields •https://github.com/elastic/ecs •Objective: normalise event data in Elasticsearch •Elastic on their journey to support ECS in all their products
Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
Elastic's Journey illustrated on NetFlow ECS is volatile and keeping on top is not always easy, but join us on the ride! Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets FileBeat Module netflow.source_ipv4_address netflow.tcp_source_port
 netflow.udp_source_port netflow.packet_total_count
 [ and many others ] Elastic Common Schema source.ip source.port source.packets
 network.packets
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
UsersDevices Network
Sophos Central Dashboard
Sophos Central Alerts
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Sophos Cloud Data Collection Queue
 (2 locations) ... Sophos Central Event and Device Data Collector
Device Metadata in Extended ECS
Consolidated Sophos Dashboard
UsersDevices Network
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Groupware Data Collection Queue
 (2 locations) CloudApp Security Exchange
 (on premise) Office365 CloudApp Log and Event Collector Office365 Log and Audit Collector Exchange Log, Audit, and Message Traces
Email Metadata in Extended ECS
Dashboards using Elastic
Compromised 
 Accounts and Systems 
 Behave Anomalously
Compromised Account Detection
Learn from experience? The Rise of the Machines Learn from experience Follow instructionsdata
Not All Entities are the Same
Not All Entities are the Same
Time Series Analysis
UsersDevices Network
Passive Fibre Tapping
Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis NetFlow Generation Architecture Queue
 (2 locations)
NetFlow in Numbers Typical 12 – 20 Gbit/s full duplex throughput •24 – 86 thousand events per second •0,76 –1,5 billion documents per day •400 – 600 GB index data disk per day •3-8 seconds from generation to index
Applications •Network Intrusion Detection •Threat Intelligence Real-Time and Retro Matching •IoC free – Machine Learning based Threat Hunting
Elastic ML on NetFlow
UsersDevices Network
SecDevOps ORCHESTRATION AUTOMATION MULTI-VENDOR DATA-DRIVEN AGILITY ADAPTABILITY VELOCITY INTEGRATION APIS BIG DATA SecDevOps RETRO MATCHING AND HUNTING PERMISSIVE CULTURE
Thank You! Kristian Kocher Security Big Data Lead m@mju.ng @mjung fb.com/markohjung Marko Jung Global Head of Information Security Operations

Recommended

Zabbix 3.2 presentation June 2017
Zabbix 3.2 presentation June 2017Zabbix 3.2 presentation June 2017
Zabbix 3.2 presentation June 2017
Amirhossein Saberi
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting Workshop
Splunk
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEM
Elasticsearch
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
AlienVault
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
Splunk
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy Intro
CyberArk
 

Recommended

Zabbix 3.2 presentation June 2017
Zabbix 3.2 presentation June 2017Zabbix 3.2 presentation June 2017
Zabbix 3.2 presentation June 2017
Amirhossein Saberi
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting Workshop
Splunk
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEM
Elasticsearch
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
AlienVault
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
Splunk
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy Intro
CyberArk
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
John Hubbard
 
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
Bangladesh Network Operators Group
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
Albert Hui
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
rtp2009
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
Bharat Jindal
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
Amr Alaa Yassen
 
Zabbix Monitoring Platform
Zabbix Monitoring Platform Zabbix Monitoring Platform
Zabbix Monitoring Platform
Seyedmajid Etehadi
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
Amazon Web Services Korea
 
End-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic StackEnd-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic Stack
Elasticsearch
 
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Amazon Web Services Korea
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Splunk 101
Splunk 101Splunk 101
Splunk 101
Splunk
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
Splunk
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
Splunk
 
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Chaitanya chandra sekhar
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017
Stacy Véronneau
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science Research
Robert Grossman
 

More Related Content

What's hot

Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
John Hubbard
 
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
Bangladesh Network Operators Group
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
Albert Hui
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
rtp2009
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
Bharat Jindal
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
Amr Alaa Yassen
 
Zabbix Monitoring Platform
Zabbix Monitoring Platform Zabbix Monitoring Platform
Zabbix Monitoring Platform
Seyedmajid Etehadi
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
Amazon Web Services Korea
 
End-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic StackEnd-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic Stack
Elasticsearch
 
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Amazon Web Services Korea
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Splunk 101
Splunk 101Splunk 101
Splunk 101
Splunk
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
Splunk
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
Splunk
 
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Chaitanya chandra sekhar
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 

What's hot (20)

Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
 
Zabbix Monitoring Platform
Zabbix Monitoring Platform Zabbix Monitoring Platform
Zabbix Monitoring Platform
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
워크로드 특성에 따른 안전하고 효율적인 Data Lake 운영 방안
 
End-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic StackEnd-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic Stack
 
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
Datadog을 활용한 Elastic Kubernetes Service(EKS)에서의 마이크로서비스 통합 가시성 - 정영석 시니어 세일즈 ...
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Splunk 101
Splunk 101Splunk 101
Splunk 101
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
 
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 

Similar to University of Oxford: building a next generation SIEM

OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017
Stacy Véronneau
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science Research
Robert Grossman
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Rick Bilodeau
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Streamsets Inc.
 
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and AnalyticsDataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax Academy
 
Louise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx SystemsLouise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx Systems
Dataconomy Media
 
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for DevelopersCloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Alan Sill
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
abenyeung1
 
Computation and Knowledge
Computation and KnowledgeComputation and Knowledge
Computation and Knowledge
Ian Foster
 
Structural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 yearsStructural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 years
AlexandreBonvin2
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in China
DataStax Academy
 
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Codemotion
 
Creating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data SuperhighwayCreating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data Superhighway
Larry Smarr
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic Stack
Elasticsearch
 
CERN IT Monitoring
CERN IT Monitoring CERN IT Monitoring
CERN IT Monitoring
Tim Bell
 
The Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data ScienceThe Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data Science
Robert Grossman
 
re:Invent 2013-foster-madduri
re:Invent 2013-foster-maddurire:Invent 2013-foster-madduri
re:Invent 2013-foster-madduri
Ravi Madduri
 
NASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & EngineeringNASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & Engineering
inside-BigData.com
 
Linked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so farLinked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so far
Aliaksandr Birukou
 
Openstack For Beginners
Openstack For BeginnersOpenstack For Beginners
Openstack For Beginnerscpallares
 

Similar to University of Oxford: building a next generation SIEM (20)

OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017OpenStack Toronto Q3 MeetUp - September 28th 2017
OpenStack Toronto Q3 MeetUp - September 28th 2017
 
Using the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science ResearchUsing the Open Science Data Cloud for Data Science Research
Using the Open Science Data Cloud for Data Science Research
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
 
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and AnalyticsDataStax and Esri: Geotemporal IoT Search and Analytics
DataStax and Esri: Geotemporal IoT Search and Analytics
 
Louise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx SystemsLouise McCluskey, Kx Engineer at Kx Systems
Louise McCluskey, Kx Engineer at Kx Systems
 
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for DevelopersCloud Standards in the Real World: Cloud Standards Testing for Developers
Cloud Standards in the Real World: Cloud Standards Testing for Developers
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
 
Computation and Knowledge
Computation and KnowledgeComputation and Knowledge
Computation and Knowledge
 
Structural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 yearsStructural Biology in the Clouds: A Success Story of 10 years
Structural Biology in the Clouds: A Success Story of 10 years
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in China
 
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
Managing your Black Friday Logs - Antonio Bonuccelli - Codemotion Rome 2018
 
Creating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data SuperhighwayCreating a Science-Driven Big Data Superhighway
Creating a Science-Driven Big Data Superhighway
 
What’s Evolving in the Elastic Stack
What’s Evolving in the Elastic StackWhat’s Evolving in the Elastic Stack
What’s Evolving in the Elastic Stack
 
CERN IT Monitoring
CERN IT Monitoring CERN IT Monitoring
CERN IT Monitoring
 
The Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data ScienceThe Transformation of Systems Biology Into A Large Data Science
The Transformation of Systems Biology Into A Large Data Science
 
re:Invent 2013-foster-madduri
re:Invent 2013-foster-maddurire:Invent 2013-foster-madduri
re:Invent 2013-foster-madduri
 
NASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & EngineeringNASA Advanced Computing Environment for Science & Engineering
NASA Advanced Computing Environment for Science & Engineering
 
Linked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so farLinked Open Data about Springer Nature conferences. The story so far
Linked Open Data about Springer Nature conferences. The story so far
 
Openstack For Beginners
Openstack For BeginnersOpenstack For Beginners
Openstack For Beginners
 

More from Elasticsearch

An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
From MSP to MSSP using Elastic
From MSP to MSSP using ElasticFrom MSP to MSSP using Elastic
From MSP to MSSP using Elastic
Elasticsearch
 
Cómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios webCómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios web
Elasticsearch
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas
Elasticsearch
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudTirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Elasticsearch
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
Elasticsearch
 
Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.
Elasticsearch
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Elasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
Welcome to a new state of find
Welcome to a new state of findWelcome to a new state of find
Welcome to a new state of find
Elasticsearch
 
Building great website search experiences
Building great website search experiencesBuilding great website search experiences
Building great website search experiences
Elasticsearch
 
Keynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified searchKeynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified search
Elasticsearch
 
Cómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesCómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisiones
Elasticsearch
 
Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud
Elasticsearch
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
Elasticsearch
 
Transforming data into actionable insights
Transforming data into actionable insightsTransforming data into actionable insights
Transforming data into actionable insights
Elasticsearch
 
Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?
Elasticsearch
 
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
Elasticsearch
 
The opportunities and challenges of data for public good
The opportunities and challenges of data for public goodThe opportunities and challenges of data for public good
The opportunities and challenges of data for public good
Elasticsearch
 
Enterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticEnterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and Elastic
Elasticsearch
 

More from Elasticsearch (20)

An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
 
From MSP to MSSP using Elastic
From MSP to MSSP using ElasticFrom MSP to MSSP using Elastic
From MSP to MSSP using Elastic
 
Cómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios webCómo crear excelentes experiencias de búsqueda en sitios web
Cómo crear excelentes experiencias de búsqueda en sitios web
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas Te damos la bienvenida a una nueva forma de realizar búsquedas
Te damos la bienvenida a una nueva forma de realizar búsquedas
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudTirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
 
Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.Plongez au cœur de la recherche dans tous ses états.
Plongez au cœur de la recherche dans tous ses états.
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
 
Welcome to a new state of find
Welcome to a new state of findWelcome to a new state of find
Welcome to a new state of find
 
Building great website search experiences
Building great website search experiencesBuilding great website search experiences
Building great website search experiences
 
Keynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified searchKeynote: Harnessing the power of Elasticsearch for simplified search
Keynote: Harnessing the power of Elasticsearch for simplified search
 
Cómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisionesCómo transformar los datos en análisis con los que tomar decisiones
Cómo transformar los datos en análisis con los que tomar decisiones
 
Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud Explore relève les défis Big Data avec Elastic Cloud
Explore relève les défis Big Data avec Elastic Cloud
 
Comment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitablesComment transformer vos données en informations exploitables
Comment transformer vos données en informations exploitables
 
Transforming data into actionable insights
Transforming data into actionable insightsTransforming data into actionable insights
Transforming data into actionable insights
 
Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?Opening Keynote: Why Elastic?
Opening Keynote: Why Elastic?
 
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
 
The opportunities and challenges of data for public good
The opportunities and challenges of data for public goodThe opportunities and challenges of data for public good
The opportunities and challenges of data for public good
 
Enterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and ElasticEnterprise search and unstructured data with CGI and Elastic
Enterprise search and unstructured data with CGI and Elastic
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 

University of Oxford: building a next generation SIEM

  • 1. 1 Kristian Kocher, Security Big Data Lead
 Marko Jung, Global Head of Information Security Operations University of Oxford CERT 22nd October 2019 Building a next generation SIEM
  • 2.
  • 3. OXFORD RESEARCHERS ARE MAJOR CONTRIBUTORS TO THE GLOBAL RESPONSE TO THE ZIKA EPIDEMIC Oxford Research •Oxford employs over 13,900 people, of which 7,260 are academics, researchers or teachers (56%). •According to the 2014 Research Excellence Framework, the latest official UK-wide assessment of all university research, Oxford has the largest volume of world-leading research in the country. •5% of all the UK’s graduate research students are studying at the University of Oxford.
  • 4. OXFORD STUDENTS CELEBRATING AT RADCLIFFE CAMERA SQUARE AFTER THEIR FINAL EXAMS. Oxford Education •Oxford was ranked first in the world in the Times 
 Higher Education (THE) World University Rankings 
 for 2017, 2018, 2019, and 2020. •Nearly 24,000 students (11,747 UG, 11,687 PG) •Oxford is very competitive: around 21,500 people applied for around 3,300 undergraduate places for 
 entry in 2018. •Oxford offers more than 300 different graduate 
 degree programmes. •43% of our total student body – almost 10,000 students – are citizens of foreign countries. Students come to Oxford from over 150 countries and territories.
  • 5. • Highly federated environment with 800 members of IT staff across over 110 units, plus 44 Colleges and Permanent Private Halls. • Units operate largely independently • Oxford operates one of the largest private networks in the country with • ~100,000 registered devices • redundant 40GBit/s Internet uplink Oxford 
 Information Technology
  • 6. Oxford Cyber Security •2019 marks the 25th anniversary of OxCERT. •17 security experts split across two teams cover all five functions: identify, protect, detect, respond, and recover. •Offering services to the collegiate University similar to a managed security services provider. •Collaboration with cyber security researchers. •Deeply integrated in the international 
 security community.
  • 7. Our Elastic Stack Story Proof of concept using Elasticsearch 1.5.1 Open Source 20192018201720162015 SAVANT – first production service using Elasticsearch 2.3 Upgrade to Elasticsearch 5.5.3
 Development subscription
 SearchGuard
 Hardware refresh Upgrades to Elasticsearch 6.x 
 Gold subscription
 More hardware Upgrade to Elasticsearch 7.2.x
 Platinum subscription
 Elastic Security
 Even more shiny kit
  • 8. Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Data Generation & Collection Queue Processing &
 Enrichment Elastic Cluster Architecture Queue
 (2 locations)
  • 9. Get a Handle on Your Data Just collecting all possible logs, events, and alarms does not help making sense out of them! • NTP time source, UTC based logging, and ISO 8601 date • Normalise your data during ingest, e.g.
 2001:420:1101:1::A vs 
 2001:420:1101:1:0:0:0:a (abbreviations and capitalisation) • Enrich with fresh metadata at ingest to capture situational context • Keep all the facts – or are you worried about the cost of storage? • Use a consistent schema...
  • 10. Elastic Common Schema •Open Source specification for •a common set of fields •field groupings •naming conventions for custom fields •https://github.com/elastic/ecs •Objective: normalise event data in Elasticsearch •Elastic on their journey to support ECS in all their products
  • 11. Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
  • 12. Elastic's Journey illustrated on NetFlow Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets
  • 13. Elastic's Journey illustrated on NetFlow ECS is volatile and keeping on top is not always easy, but join us on the ride! Codec
 nProbe Cento netflow.ipv4_src_addr netflow.l4_src_port netflow.in_pkts Logstash Module netflow.src_addr netflow.src_port netflow.packets FileBeat Module netflow.source_ipv4_address netflow.tcp_source_port
 netflow.udp_source_port netflow.packet_total_count
 [ and many others ] Elastic Common Schema source.ip source.port source.packets
 network.packets
  • 14. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
  • 18. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Elastic Cluster Architecture Queue
 (2 locations)
  • 19. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Sophos Cloud Data Collection Queue
 (2 locations) ... Sophos Central Event and Device Data Collector
  • 20. Device Metadata in Extended ECS
  • 23. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis Groupware Data Collection Queue
 (2 locations) CloudApp Security Exchange
 (on premise) Office365 CloudApp Log and Event Collector Office365 Log and Audit Collector Exchange Log, Audit, and Message Traces
  • 24. Email Metadata in Extended ECS
  • 26. Compromised 
 Accounts and Systems 
 Behave Anomalously
  • 28. Learn from experience? The Rise of the Machines Learn from experience Follow instructionsdata
  • 29. Not All Entities are the Same
  • 30. Not All Entities are the Same
  • 33.
  • 35. Elasticsearch Master Nodes
 (3 locations) Data Nodes Hot
 (2 locations) Data Nodes Warm
 (2 locations) Processing Nodes
 (2 locations) LogstashLogstash Forwarder Nodes
 (2 locations) nProbe Cento Beats Syslog Kibana Load Balancer
 (1 location) Kibana Nodes
 (2 locations) Data Generation & Collection Queue Processing &
 Enrichment Indexing &
 Storage Visualisation & Analysis NetFlow Generation Architecture Queue
 (2 locations)
  • 36. NetFlow in Numbers Typical 12 – 20 Gbit/s full duplex throughput •24 – 86 thousand events per second •0,76 –1,5 billion documents per day •400 – 600 GB index data disk per day •3-8 seconds from generation to index
  • 37. Applications •Network Intrusion Detection •Threat Intelligence Real-Time and Retro Matching •IoC free – Machine Learning based Threat Hunting
  • 38. Elastic ML on NetFlow
  • 41. Thank You! Kristian Kocher Security Big Data Lead m@mju.ng @mjung fb.com/markohjung Marko Jung Global Head of Information Security Operations