• Goa'15
  • Training
  • Attack Monitoring using Elasticsearch, Logstash, Kibana

Attack Monitoring using Elasticsearch, Logstash, Kibana

Prajal Kulkarni & Himanshu Kumar Das

Prajal Kulkarni Himanshu Kumar Das

Trainer Name: Prajal Kulkarni & Himanshu Kumar Das
Title: Attack Monitoring using Elasticsearch, Logstash, Kibana
Duration: 1 Day
Date: 4th February 2015

Register Now

Objective

With growing trend of Big data, companies are tend to rely on high cost SIEM solutions. However, with introduction of open source and lightweight cluster management solution like ElasticSearch this has been the highlight of the year. Similarly, the log aggregation has been simplified by logstash and kibana providing a visual look to the complex data structure. This training will exactly cater to this need of having a appropriate log analysis+Detecting Intrusion+Visualizing data in a powerful interface.

This training is meant for security enthusiast, Server DevOps, and startups. This will be a great learning to setup one's own ELK environment in their organization.

Course Outline Day wise

First Half

  • Overview of Elasticsearch, Logstash, Kibana.
  • Various terminologies used in ELK.
  • Using CURL.
  • Components of Logstash.
  • Logstash vs fluentd along with their setup.

Second Half

  • How to write logstash grok filters.
  • ELK setup on different web servers (apache, nginx).
  • Setting up logstash forwarder.
  • Attack alerting using ELK setup.
  • Various plugins of elasticsearch.
  • Overview of Kibana Dashboard.
  • Setting up multiple dashboards in Kibana

Who Should Attend?

Server admins, Security enthusiasts, Startups having no budget to procure commercial SIEM solutions.

About the Trainers

Prajal Kulkarni

Prajal Kulkarni, is a Security Researcher currently working with FlipKart. He is an active member of Null Security Community for the past 3 Years. His area of interest includes Web and mobile application security. He writes a security blog at www.prajalkulkarni.com and he is also the lead contributor at project Code Vigilant . In the past he has disclosed several vulnerabilities in core components of GLPI, BugGenie, Owncloud etc. He has also reported many security vulnerabilities to companies like Adobe, Twitter, Facebook, Google, Mozilla and is also acknowledged on their Hall of fame. He has spoken at the GraceHopper'13 security conference.

Himanshu Kumar Das

Himanshu Kumar Das, is a security researcher with hands on experience in Web Application Security, Network Security and Mobile (primarily Android) Security. Himanshu is currently working with FlipKart. Himanshu is an active member of NULL (a security community in India). Himanshu enjoys to code/learn in python. Himanshu believes that the web browser war has begun and hence his learning wish list includes browser security and exploit development. Himanshu has won Nullcon JailBreak 2012 and had been architect for HackIM CTF 13-14.

In his spare time, he experiments with different cuisines, watches tv series, follows tweets.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved