Security Analytics Using ^^^ Stack

Abhishek Bhuyan

ELKB Stack

DisclaimerThis is more of demo session than slides...

Elasticsearch ● Distributed and Analytics Engine

○ Query anything - structured, unstructured, geo, metric○ Analyze - Explore trends and patterns○ RESTfulAPI○ Schema Free, JSON Documents○ Fast and Horizontally Scalable

Logstash ● Data Processing Pipeline

○ Ingest Data, Process and Output■ Ingest Data of many sources (Input Plugins)■ Parse & Transform data on the fly (Filter Plugins)■ Change Data Representations (Codec Plugins)■ Output data to many forms (Output Plugins)

Beats ● Lightweight Data Shippers

○ Data Gathering■ Filebeat■ Metricbeat■ Packetbeat■ Winlogbeat■ Heartbeat

Kibana ● Explore, Visualise, Discover Data

○ Interactive Visualization○ Custom Dashboards

Evolution of Cyber Threats

Evolution of Cyber Threats

What is Analytics?

● Data Driven approach for analyzing logs● Ask the right question and then figure out what data you need

to answer it○ Helps in modeling your data○ Helps in choosing the technology or tools you want to use

Let’s Demo

“The goal is to turn data into information, and information into insight.”

– Carly Fiorina, former CEO, Hewlett-Packard Co.