Attack Monitoring using Elasticsearch, Logstash, Kibana
Trainer Name: Prajal Kulkarni & Himanshu Kumar Das
Title: Attack Monitoring using Elasticsearch, Logstash, Kibana
Duration: 2 Days
Continuous security monitoring of medium and large enterprises is a big challenge. Logs pouring in from thousands of endpoints, servers and perimeter devices make it impossible to monitor activity and malicious attack patterns in real time, which is exactly what better security incident response and event handling requires. Organisations bear huge losses due to lack of visibility into network activity across their infrastructure.
This unique hands-on course will teach you to take control of enterprise-wide logs and analyze them in real time using the Logstash and Elasticsearch frameworks. You will learn to build powerful visualizations and data models with Kibana, which makes analysis of the data and decision making smoother and easier.
The course is well suited to running a Security Operations Center on an in-house log analysis, attack monitoring and visualization tool, and it equally empowers security enthusiasts, server and DevOps teams, and startups to rapidly create an affordable security analytics platform.
- Overview & Architecture of ELK
- Setting up ElasticSearch
- Overview of ElasticSearch APIs
- Various Elasticsearch plugins and their use
Dumping data into Elasticsearch
- How to write Logstash grok filters
- Setting up Logstash Forwarder
- Social Media Monitoring using ELK
- Overview of Kibana Dashboard
- Setting up Visualizations in Kibana
- Setting up multiple dashboards in Kibana
Alerting and Case Studies
- Overview of ElastAlert
- Creating and testing rules
- Setting up different rule types
- Aggregating and Sub-aggregating filters
- Setting up an Alerter
- Attack alerting using ELK setup
- System profiling using osquery
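Two of the outline items above, writing grok filters and attack alerting with ElastAlert-style rules, are easier to reason about with the mechanics laid bare. The following is an added example, not code from the course, from Logstash or from ElastAlert: it re-implements in plain Python a tiny grok-to-regex expander (a hand-written subset of Logstash's pattern library), tags lines that fail to parse with `_grokparsefailure` the way Logstash does, and then runs an ElastAlert-like "frequency" rule (at least `num_events` matching events from one `clientip` inside `timeframe`) over a constructed set of Apache-style access log lines. Pattern names, the sample lines and the alert dictionary layout are all assumptions made for this example.

```python
"""Grok-style parsing plus a frequency-rule alert over constructed log lines.

Added example, not Logstash's or ElastAlert's own code. GROK_PATTERNS is a
hand-written subset of the real grok library; SAMPLE_LOGS are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Minimal grok pattern library (subset, written for this example).
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "USER": r"[a-zA-Z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+(?:\.\d+)?",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

# Apache common log format, expressed the way a Logstash grok filter would.
APACHE_COMMON = (r'%{IP:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] '
                 r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}" '
                 r'%{NUMBER:response} %{NUMBER:bytes}')

# Constructed sample input: one client hammering the WordPress login, plus noise.
SAMPLE_LOGS = [
    '192.168.1.20 - - [12/Mar/2015:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.5 - - [12/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.5 - - [12/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.9 - - [12/Mar/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.5 - - [12/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '192.168.1.20 - - [12/Mar/2015:10:00:06 +0000] "GET /about.html HTTP/1.1" 200 2210',
    '10.0.0.5 - - [12/Mar/2015:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.5 - - [12/Mar/2015:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.5 - - [12/Mar/2015:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    '10.0.0.9 - - [12/Mar/2015:10:09:00 +0000] "POST /wp-login.php HTTP/1.1" 401 512',
    'this line is not in apache format at all',
]


def grok_to_regex(pattern: str) -> "re.Pattern":
    """Expand %{NAME:field} references into a Python regex with named groups."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(GROK_REF.sub(repl, pattern))


def grok_parse(line: str, regex: "re.Pattern") -> dict:
    """Emulate a Logstash grok filter: fields on success, a failure tag otherwise."""
    m = regex.match(line)
    if not m:
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = {"message": line, **m.groupdict()}
    event["@timestamp"] = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    return event


def frequency_alert(events, field, query, num_events, timeframe):
    """ElastAlert-style 'frequency' rule over events sorted by @timestamp:
    fire once per `field` value when at least num_events events matching
    `query` fall inside a sliding window of length `timeframe`."""
    windows = defaultdict(deque)
    fired, alerts = set(), []
    for ev in events:
        if not query(ev):
            continue
        key = ev[field]
        win = windows[key]
        win.append(ev["@timestamp"])
        while win and ev["@timestamp"] - win[0] > timeframe:
            win.popleft()                     # expire events outside the window
        if len(win) >= num_events and key not in fired:
            fired.add(key)                    # one alert per key, like realert
            alerts.append({"rule": "frequency", field: key,
                           "count": len(win), "at": ev["@timestamp"]})
    return alerts


def run_pipeline(lines):
    """Parse, split failures out, then apply a brute-force login rule."""
    regex = grok_to_regex(APACHE_COMMON)
    events = [grok_parse(line, regex) for line in lines]
    failed = [e for e in events if "_grokparsefailure" in e.get("tags", [])]
    parsed = sorted((e for e in events if e not in failed), key=lambda e: e["@timestamp"])
    alerts = frequency_alert(parsed, field="clientip",
                             query=lambda e: e["response"] == "401",
                             num_events=5, timeframe=timedelta(minutes=5))
    return parsed, failed, alerts


if __name__ == "__main__":
    parsed, failed, alerts = run_pipeline(SAMPLE_LOGS)
    print(f"{len(parsed)} parsed, {len(failed)} grok failures, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

Running it reports one alert for 10.0.0.5 (five 401 responses inside five minutes), none for 10.0.0.9 (two events), and one `_grokparsefailure` for the malformed line; in a real deployment the grok pattern lives in the Logstash filter block, the rule in an ElastAlert YAML file, and the events in Elasticsearch, but the logic is the same.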
What to expect
After taking this course you should have a detailed understanding of how the ELK architecture works in an environment and be able to apply that knowledge to your own company's infrastructure.
This will help you develop an in-house Intrusion Detection System on top of the same ELK architecture.
Who Should Attend?
Server admins, security enthusiasts, and startups with no budget to procure a commercial SIEM solution.
What not to expect
We will not be covering ELK scaling techniques. This training is oriented towards understanding how ELK works and leveraging it as an Intrusion Detection System.
What you will get
- Tools and software provided for the training.
- Completely documented scripts and programs
- A simple to follow step by step walk through of the entire training in a PDF file
- Virtual machines with code used during the training so that you can even practice after the training is over.
What you should get
- A laptop with administrator privileges.
- 30 GB of free Hard Disk Space.
- Ideally 8 GB of RAM but minimum 4 GB.
- Laptop should have a working wireless and wired/Ethernet connection.
- Latest Oracle VirtualBox (preferred), VMware Workstation or VMware Fusion installed
- Other virtualization software might work but we will not be able to provide support for that.
About the Trainers
Prajal Kulkarni is a security researcher currently working with Flipkart. He has been an active member of the Null security community for the past three years. His areas of interest include web and mobile application security. He writes a security blog at www.prajalkulkarni.com and is the lead contributor to project Code Vigilant. In the past he has disclosed several vulnerabilities in core components of GLPI, BugGenie, ownCloud and others. He has also reported many security vulnerabilities to companies such as Adobe, Twitter, Facebook, Google and Mozilla and is acknowledged in their halls of fame. He has spoken at the Grace Hopper 2013 security conference.
Himanshu Kumar Das is a security researcher with hands-on experience in web application security, network security and mobile (primarily Android) security. Himanshu is currently working with Flipkart. He enjoys coding and learning in Python, and participates in CTFs representing Team SegFault. He won Nullcon JailBreak 2012 and has been an architect of the HackIM CTF since 2012.