Security Analytics Using ELK Stack
Abhishek Bhuyan
ELKB Stack
Disclaimer: This is more of a demo session than slides...
Elasticsearch
● Distributed Search and Analytics Engine
  ○ Query anything - structured, unstructured, geo, metric
  ○ Analyze - explore trends and patterns
  ○ RESTful API
  ○ Schema free, JSON documents
  ○ Fast and horizontally scalable
Logstash
● Data Processing Pipeline
  ○ Ingest data, process and output
    ■ Ingest data from many sources (Input Plugins)
    ■ Parse & transform data on the fly (Filter Plugins)
    ■ Change data representations (Codec Plugins)
    ■ Output data in many forms (Output Plugins)
Beats
● Lightweight Data Shippers
  ○ Data gathering
    ■ Filebeat
    ■ Metricbeat
    ■ Packetbeat
    ■ Winlogbeat
    ■ Heartbeat
Kibana
● Explore, Visualise, Discover Data
  ○ Interactive visualization
  ○ Custom dashboards
Evolution of Cyber Threats
What is Analytics?
● Data-driven approach for analyzing logs
● Ask the right question, and then figure out what data you need to answer it
  ○ Helps in modeling your data
  ○ Helps in choosing the technology or tools you want to use
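The following is an added example, not part of the original slides or of the Elastic projects. It walks through the two slides above end to end: a Logstash-style parse/transform step (a regex standing in for a grok filter) turns constructed sshd log lines into JSON documents, and a terms-style aggregation answers the question "which source IPs are repeatedly failing to log in?", which is the kind of question a Kibana dashboard would surface. The log lines, host names and IP addresses are constructed, and the year added to the syslog timestamps is an assumption since syslog omits it.

```python
"""Added example: a Logstash-like parse step plus a Kibana-like aggregation.
Sample data below is constructed; nothing here talks to a real cluster."""
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sshd/syslog lines (documentation-range IPs, not real hosts).
SAMPLE_LOGS = [
    "Mar  3 10:15:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51212 ssh2",
    "Mar  3 10:15:03 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51214 ssh2",
    "Mar  3 10:15:09 bastion sshd[2240]: Accepted publickey for deploy from 198.51.100.5 port 40022 ssh2",
    "Mar  3 10:16:30 bastion sshd[2255]: Failed password for root from 203.0.113.7 port 51300 ssh2",
    "Mar  3 10:17:44 bastion sshd[2260]: Failed password for invalid user test from 192.0.2.9 port 33001 ssh2",
    "Mar  3 10:18:00 bastion cron[1010]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Regex equivalent of a grok pattern for sshd authentication events.
SSHD_PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)


def parse_line(line, year=2024):
    """Filter stage: turn one sshd line into a flat JSON-style document.
    Returns None for lines that are not sshd auth events (they would be
    dropped or routed elsewhere in a real pipeline)."""
    m = SSHD_PATTERN.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Syslog timestamps carry no year; the year is an assumption from the caller.
    ts = datetime.strptime(f"{year} {d['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.isoformat(),
        "host": d["host"],
        "process": {"name": "sshd", "pid": int(d["pid"])},
        "event": {
            "outcome": "failure" if d["outcome"] == "Failed" else "success",
            "action": d["method"],
        },
        "user": {"name": d["user"]},
        "source": {"ip": d["src_ip"], "port": int(d["src_port"])},
    }


def run_pipeline(lines):
    """Input -> filter -> output: return the list of documents that would be
    indexed into Elasticsearch (the output stage here is just a list)."""
    return [doc for doc in (parse_line(l) for l in lines) if doc is not None]


def failed_logins_by_source(docs, threshold=3):
    """Terms-style aggregation: count failed logins per source IP and keep
    only sources at or above the threshold (the 'right question')."""
    counts = Counter(
        doc["source"]["ip"] for doc in docs if doc["event"]["outcome"] == "failure"
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


def build_failed_login_query(threshold=3):
    """The same question expressed as an Elasticsearch query DSL body, ready
    to POST to /<index>/_search once the documents above are indexed."""
    return {
        "size": 0,
        "query": {"term": {"event.outcome": "failure"}},
        "aggs": {
            "by_src": {
                "terms": {"field": "source.ip", "min_doc_count": threshold, "size": 10}
            }
        },
    }


if __name__ == "__main__":
    docs = run_pipeline(SAMPLE_LOGS)
    print(json.dumps(docs[0], indent=2))
    print("repeated failures:", failed_logins_by_source(docs))
    print(json.dumps(build_failed_login_query(), indent=2))
```

Modeling the documents with nested `event`, `user` and `source` fields (rather than one flat string) is what makes the aggregation cheap later: the question you want to ask decides the shape of the data, which is the point of the slide above.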
Let’s Demo
“The goal is to turn data into information, and information into insight.”
– Carly Fiorina, former CEO, Hewlett-Packard Co.