Contact Details

Hacking and Cyber Security Briefing
Manu Zacharia
+91-98470-96355
Thomas Kurian Ambattu
+91-94470-22081
Akash Joseph Thomas
+91-94974-65363

WS - 7

Elastic Security Analytics


Workshop Objective:

It is important to keep pace with the attack vectors of today and tomorrow, so we need a solution that helps us hunt for a needle in a haystack. A solution that collates, sanitizes and stores security event information, and enables further analysis by a SOC analyst through a single pane of glass, is the need of the hour. But what tools would help achieve this? Elasticsearch, otherwise called the Elastic Stack (ELK-B), is an appropriate engine for searching petabytes of data in real time, which helps you do threat hunting in real time. Elasticsearch is the world's most popular distributed search engine. Developers across the world have built various solutions on it that power several interesting user experiences. Over time, Elasticsearch has become omnipresent and the use cases for the stack are ever growing. In this workshop we will discuss building a threat hunting solution on top of Elasticsearch.

Course Content (ToC):

  • Day 01

    • Elastic Stack Overview
      • Introduction to Elastic Stack
      • Use Cases
      • Technical Deep Dive of Elasticsearch
        • Terms
        • Distributed Nature
        • Managing Data (CRUD)
        • Queries
        • Architecture & Capacity Planning
        • Lab - 01
    • Technical Deep Dive of Logstash
      • Terms
      • Important Plugins
      • Ingesting Streaming Data
      • Working with Internal Queues
      • Architecture & Capacity Planning
      • Lab - 02
    • Technical Deep Dive of Logstash
      • Terms
      • Important Plugins
      • Ingesting Streaming Data
      • Working with Internal Queues
      • Architecture & Capacity Planning
      • Lab - 03
    • Technical Deep Dive of Beats
      • Beats Framework Overview
      • Types of Beats
      • Elastic Common Schema (ECS)
      • Configuration Files
      • Deploying Beats (Cloud, OnPrem, Containers)
      • Modules & Auto Discovery
      • Lab - 04
    • Overview of Kibana
      • Kibana Overview
      • Setting up Visualizations
      • Monitoring Stack using Kibana
  • Day 02

    • Elastic SIEM Overview
      • Introduction to SIEM & Threat Hunting
      • Various Data Sources
      • Understanding SIEM UI
    • Analysing Host Data
      • Introduction to host Security
      • Ingesting Windows/Linux/macOS host data
    • Analysing Network Data
      • Introduction to Network Security
      • Ingesting Popular NSM/IDS Datasources
    • Ingesting data from Cloud Infrastructure
      • Primer on Cloud Security
      • Ingesting data from Events, Logs, Cloud Services
    • Making Data Insights Actionable
      • Alerting Framework
      • Running Machine Learning Jobs on Security Data
        • Anomaly Detection
        • Population Outlier Detection
        • Forecasting

Pre-requisite

  • Laptop with Admin Privileges
  • Ability to access any URL.
  • At least 8GB of RAM, 10GB of Disk space free on the system
  • Laptop should support hardware-based virtualization
  • If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
  • Other virtualization software might work but we will not be able to provide support for that
  • USB Ports for copying data

What is not covered?

The Elastic Stack is an ocean, with a lot of features and interesting configuration parameters, which is impossible to learn in 2 days. So this is just a primer and a great to do something awesome.

Participants’ Requirements:

  • Basic knowledge of Distributed Systems, REST APIs
  • Experience with Linux commands/modules/OS Concepts

Who should attend:

  • SecOps Teams, SOC Analysts, Developers working on developing Security Platforms.

Speaker Profile:

Aravind, Developer Advocate, Elastic

Aravind is passionate about evangelising technology, meeting developers and helping in solving their problems. He is a backend developer and has seven years of development experience.

Currently he works at Elastic as a Developer Advocate and looks after the Developer Relation function of India & SE Asia. Previously, he worked at McAfee Antivirus as a Sr. Software Engineer in the Cloud Security domain. He has a deep interest in Search, Machine Learning, Security Incident Analysis and IoT tech. In his free time, he plays around with a Raspi or an Arduino.