CC
Uploaded byCysinfo Cyber Security Community
PDF, PPTX1,371 views

Security Analytics using ELK stack

The document discusses using the ELKB stack for security analytics. It describes the roles of Elasticsearch for data storage and querying, Logstash for data ingestion and processing, Beats for data collection, and Kibana for visualization. It notes that the session will demonstrate using these tools to turn log and event data into insights through analytics by asking the right questions and modeling the data needed to answer them.

Download as PDF, PPTX
Security Analytics Using ^^^ Stack Abhishek Bhuyan
ELKB Stack
Disclaimer This is more of demo session than slides...
Elasticsearch ● Distributed and Analytics Engine ○ Query anything - structured, unstructured, geo, metric ○ Analyze - Explore trends and patterns ○ RESTfulAPI ○ Schema Free, JSON Documents ○ Fast and Horizontally Scalable
Logstash ● Data Processing Pipeline ○ Ingest Data, Process and Output ■ Ingest Data of many sources (Input Plugins) ■ Parse & Transform data on the fly (Filter Plugins) ■ Change Data Representations (Codec Plugins) ■ Output data to many forms (Output Plugins)
Beats ● Lightweight Data Shippers ○ Data Gathering ■ Filebeat ■ Metricbeat ■ Packetbeat ■ Winlogbeat ■ Heartbeat
Kibana ● Explore, Visualise, Discover Data ○ Interactive Visualization ○ Custom Dashboards
Evolution of Cyber Threats
Evolution of Cyber Threats
What is Analytics? ● Data Driven approach for analyzing logs ● Ask the right question and then figure out what data you need to answer it ○ Helps in modeling your data ○ Helps in choosing the technology or tools you want to use
Let’s Demo
“The goal is to turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co.

More Related Content

PPTX
The Elastic Stack as a SIEM
byJohn Hubbard
 
PDF
ELK in Security Analytics
bynullowaspmumbai
 
PPTX
Log analysis using elk
byRushika Shah
 
PDF
Meetup070416 Presentations
byAna Rebelo
 
PDF
Technology behind-real-time-log-analytics
byData Science Thailand
 
PPTX
NATE-Central-Log
byStefan Coetzee
 
PDF
An Open Source NoSQL solution for Internet Access Logs Analysis
byJosé Manuel Ciges Regueiro
 
PDF
Scaling ELK Stack - DevOpsDays Singapore
byAngad Singh
 
The Elastic Stack as a SIEM
byJohn Hubbard
 
ELK in Security Analytics
bynullowaspmumbai
 
Log analysis using elk
byRushika Shah
 
Meetup070416 Presentations
byAna Rebelo
 
Technology behind-real-time-log-analytics
byData Science Thailand
 
NATE-Central-Log
byStefan Coetzee
 
An Open Source NoSQL solution for Internet Access Logs Analysis
byJosé Manuel Ciges Regueiro
 
Scaling ELK Stack - DevOpsDays Singapore
byAngad Singh
 

What's hot

PPTX
Elastic Stack Introduction
byVikram Shinde
 
PDF
Roaring with elastic search sangam2018
byVinay Kumar
 
PPTX
Logstash, Elasticsearch and Kibana
bySaroj Panyasrivanit
 
PDF
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
byEdureka!
 
PDF
Elk - An introduction
byHossein Shemshadi
 
PPTX
Logs, metrics and real time data analytics
byEwere Diagboya
 
PDF
"TextMining with ElasticSearch", Saskia Vola, CEO at textminers.io
byDataconomy Media
 
PPTX
Elasticsearch 5.0
byMatias Cascallares
 
PPTX
ElasticSearch for data mining
byWilliam Simms
 
PDF
Building a Real-Time News Search Engine: Presented by Ramkumar Aiyengar, Bloo...
byLucidworks
 
PDF
Elasticsearch quick Intro (English)
byFederico Panini
 
PPTX
DevOps, Yet Another IT Revolution
byRichard Langlois P. Eng.
 
PPTX
Distributed Tracing at UBER Scale: Creating a treasure map for your monitori...
byYuri Shkuro
 
PDF
Streamsets and spark in Retail
byHari Shreedharan
 
PDF
Why Elastic? @ 50th Vinitaly 2016
byChristoph Wurm
 
PPTX
Use cases for cassandra in federal and state government
byOpenSource Connections
 
PPTX
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
byRick Bilodeau
 
PDF
Interactive learning analytics dashboards with ELK (Elasticsearch Logstash Ki...
byAndrii Vozniuk
 
PDF
TweetMogaz - The Arabic Tweets Platform: Presented by Ahmed Adel, BADR
byLucidworks
 
PDF
Ubiquitous Solr - A Database's Not-So-Evil Twin: Presented by Ayon Sinha, Wal...
byLucidworks
 
Elastic Stack Introduction
byVikram Shinde
 
Roaring with elastic search sangam2018
byVinay Kumar
 
Logstash, Elasticsearch and Kibana
bySaroj Panyasrivanit
 
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
byEdureka!
 
Elk - An introduction
byHossein Shemshadi
 
Logs, metrics and real time data analytics
byEwere Diagboya
 
"TextMining with ElasticSearch", Saskia Vola, CEO at textminers.io
byDataconomy Media
 
Elasticsearch 5.0
byMatias Cascallares
 
ElasticSearch for data mining
byWilliam Simms
 
Building a Real-Time News Search Engine: Presented by Ramkumar Aiyengar, Bloo...
byLucidworks
 
Elasticsearch quick Intro (English)
byFederico Panini
 
DevOps, Yet Another IT Revolution
byRichard Langlois P. Eng.
 
Distributed Tracing at UBER Scale: Creating a treasure map for your monitori...
byYuri Shkuro
 
Streamsets and spark in Retail
byHari Shreedharan
 
Why Elastic? @ 50th Vinitaly 2016
byChristoph Wurm
 
Use cases for cassandra in federal and state government
byOpenSource Connections
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
byRick Bilodeau
 
Interactive learning analytics dashboards with ELK (Elasticsearch Logstash Ki...
byAndrii Vozniuk
 
TweetMogaz - The Arabic Tweets Platform: Presented by Ahmed Adel, BADR
byLucidworks
 
Ubiquitous Solr - A Database's Not-So-Evil Twin: Presented by Ayon Sinha, Wal...
byLucidworks
 

Viewers also liked

PPT
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
PPTX
Advanced malware analysis training session3 botnet analysis part2
byCysinfo Cyber Security Community
 
PPTX
XXE - XML External Entity Attack
byCysinfo Cyber Security Community
 
PDF
IOT Exploitation
byCysinfo Cyber Security Community
 
PPT
Image (PNG) Forensic Analysis
byCysinfo Cyber Security Community
 
PPTX
Introduction to ICS/SCADA security
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part3 windows pefile formatbasics
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part1 lab setup guide
byCysinfo Cyber Security Community
 
ODP
Introduction to Binary Exploitation
byCysinfo Cyber Security Community
 
PDF
ATM Malware: Understanding the threat
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
PPTX
Homomorphic encryption
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part6 practical reversing
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part4 assembly programming basics
byCysinfo Cyber Security Community
 
PPTX
Watering hole attacks case study analysis
byCysinfo Cyber Security Community
 
PDF
Linux Malware Analysis
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
PPTX
Advanced malwareanalysis training session2 botnet analysis part1
byCysinfo Cyber Security Community
 
PDF
POS Malware: Is your Debit/Credit Transcations Secure?
byCysinfo Cyber Security Community
 
PDF
Investigating Malicious Office Documents: Analyzing Macros Malwares used in C...
byCysinfo Cyber Security Community
 
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
Advanced malware analysis training session3 botnet analysis part2
byCysinfo Cyber Security Community
 
XXE - XML External Entity Attack
byCysinfo Cyber Security Community
 
IOT Exploitation
byCysinfo Cyber Security Community
 
Image (PNG) Forensic Analysis
byCysinfo Cyber Security Community
 
Introduction to ICS/SCADA security
byCysinfo Cyber Security Community
 
Reversing malware analysis training part3 windows pefile formatbasics
byCysinfo Cyber Security Community
 
Reversing malware analysis training part1 lab setup guide
byCysinfo Cyber Security Community
 
Introduction to Binary Exploitation
byCysinfo Cyber Security Community
 
ATM Malware: Understanding the threat
byCysinfo Cyber Security Community
 
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
Homomorphic encryption
byCysinfo Cyber Security Community
 
Reversing malware analysis training part6 practical reversing
byCysinfo Cyber Security Community
 
Reversing malware analysis training part4 assembly programming basics
byCysinfo Cyber Security Community
 
Watering hole attacks case study analysis
byCysinfo Cyber Security Community
 
Linux Malware Analysis
byCysinfo Cyber Security Community
 
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
Advanced malwareanalysis training session2 botnet analysis part1
byCysinfo Cyber Security Community
 
POS Malware: Is your Debit/Credit Transcations Secure?
byCysinfo Cyber Security Community
 
Investigating Malicious Office Documents: Analyzing Macros Malwares used in C...
byCysinfo Cyber Security Community
 

Similar to Security Analytics using ELK stack

PDF
End-to-End Security Analytics with the Elastic Stack
byElasticsearch
 
PPTX
Elastic Search Capability Presentation.pptx
byKnoldus Inc.
 
PDF
Elastic SIEM (Endpoint Security)
byKangaroot
 
PPTX
How Elastic Security Meets SOC Needs
byAnna Ossowski
 
PPTX
Filebeat Elastic Search Presentation.pptx
byKnoldus Inc.
 
PDF
BSides JAX 2019 - Threat Hunting with the Elastic Stack
byBrandon DeVault
 
PDF
Elastic Stack: Using data for insight and action
byElasticsearch
 
PPTX
Apache Spark Streaming -Real time web server log analytics
byANKIT GUPTA
 
PPTX
Elasticsearch features and ecosystem
byPavel Alexeev
 
PDF
Workshop: Big Data Visualization for Security
byRaffael Marty
 
PDF
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
DOCX
ESB APPLICTAION IMPROVEMENT -2024 - this
byumabaskaran171094
 
PPTX
How Data Analytics Powers Cybersecurity - A Beginner’s Guide.pptx
byGICSEH
 
PDF
Analyse de sécurité de bout en bout avec la Suite Elastic
byElasticsearch
 
PPTX
ELK Solutions Enablement Session - 17th March'2020
byAshnikbiz
 
PDF
WSO2Con USA 2017: Driving Insights for Your Digital Business With Analytics
byWSO2
 
PDF
2022 Trends in Enterprise Analytics
byDATAVERSITY
 
PDF
Visualization in the Age of Big Data
byRaffael Marty
 
ODP
Log aggregation and analysis
byDhaval Mehta
 
PDF
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 
End-to-End Security Analytics with the Elastic Stack
byElasticsearch
 
Elastic Search Capability Presentation.pptx
byKnoldus Inc.
 
Elastic SIEM (Endpoint Security)
byKangaroot
 
How Elastic Security Meets SOC Needs
byAnna Ossowski
 
Filebeat Elastic Search Presentation.pptx
byKnoldus Inc.
 
BSides JAX 2019 - Threat Hunting with the Elastic Stack
byBrandon DeVault
 
Elastic Stack: Using data for insight and action
byElasticsearch
 
Apache Spark Streaming -Real time web server log analytics
byANKIT GUPTA
 
Elasticsearch features and ecosystem
byPavel Alexeev
 
Workshop: Big Data Visualization for Security
byRaffael Marty
 
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
ESB APPLICTAION IMPROVEMENT -2024 - this
byumabaskaran171094
 
How Data Analytics Powers Cybersecurity - A Beginner’s Guide.pptx
byGICSEH
 
Analyse de sécurité de bout en bout avec la Suite Elastic
byElasticsearch
 
ELK Solutions Enablement Session - 17th March'2020
byAshnikbiz
 
WSO2Con USA 2017: Driving Insights for Your Digital Business With Analytics
byWSO2
 
2022 Trends in Enterprise Analytics
byDATAVERSITY
 
Visualization in the Age of Big Data
byRaffael Marty
 
Log aggregation and analysis
byDhaval Mehta
 
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 

More from Cysinfo Cyber Security Community

PPTX
Emerging Trends in Cybersecurity by Amar Prusty
byCysinfo Cyber Security Community
 
PPTX
Deep Web - what to do and what not to do
byCysinfo Cyber Security Community
 
PDF
Closer look at PHP Unserialization by Ashwin Shenoi
byCysinfo Cyber Security Community
 
PDF
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
byCysinfo Cyber Security Community
 
PPTX
S2 e (selective symbolic execution) -shivkrishna a
byCysinfo Cyber Security Community
 
PPTX
Dynamic binary analysis using angr siddharth muralee
byCysinfo Cyber Security Community
 
PDF
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
byCysinfo Cyber Security Community
 
PDF
Understanding Malware Persistence Techniques by Monnappa K A
byCysinfo Cyber Security Community
 
PPTX
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
byCysinfo Cyber Security Community
 
PDF
The Art of Executing JavaScript by Akhil Mahendra
byCysinfo Cyber Security Community
 
PDF
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
byCysinfo Cyber Security Community
 
PPTX
Analysis of android apk using adhrit by Abhishek J.M
byCysinfo Cyber Security Community
 
PDF
Dynamic Binary Instrumentation
byCysinfo Cyber Security Community
 
PDF
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
byCysinfo Cyber Security Community
 
PPTX
Bit flipping attack on aes cbc - ashutosh ahelleya
byCysinfo Cyber Security Community
 
PPTX
Security challenges in d2d communication by ajithkumar vyasarao
byCysinfo Cyber Security Community
 
PDF
Format string vunerability
byCysinfo Cyber Security Community
 
PDF
Understanding evasive hollow process injection techniques monnappa k a
byCysinfo Cyber Security Community
 
PDF
Reversing and Decrypting Malware Communications by Monnappa
byCysinfo Cyber Security Community
 
PDF
Understanding APT1 malware techniques using malware analysis and reverse engi...
byCysinfo Cyber Security Community
 
Emerging Trends in Cybersecurity by Amar Prusty
byCysinfo Cyber Security Community
 
Deep Web - what to do and what not to do
byCysinfo Cyber Security Community
 
Closer look at PHP Unserialization by Ashwin Shenoi
byCysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
byCysinfo Cyber Security Community
 
S2 e (selective symbolic execution) -shivkrishna a
byCysinfo Cyber Security Community
 
Dynamic binary analysis using angr siddharth muralee
byCysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
byCysinfo Cyber Security Community
 
Understanding Malware Persistence Techniques by Monnappa K A
byCysinfo Cyber Security Community
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
byCysinfo Cyber Security Community
 
The Art of Executing JavaScript by Akhil Mahendra
byCysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
byCysinfo Cyber Security Community
 
Analysis of android apk using adhrit by Abhishek J.M
byCysinfo Cyber Security Community
 
Dynamic Binary Instrumentation
byCysinfo Cyber Security Community
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
byCysinfo Cyber Security Community
 
Bit flipping attack on aes cbc - ashutosh ahelleya
byCysinfo Cyber Security Community
 
Security challenges in d2d communication by ajithkumar vyasarao
byCysinfo Cyber Security Community
 
Format string vunerability
byCysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
byCysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
byCysinfo Cyber Security Community
 
Understanding APT1 malware techniques using malware analysis and reverse engi...
byCysinfo Cyber Security Community
 

Recently uploaded

PDF
Working with Machine Learning in Production
byFrederick Apina
 
PDF
Google Developer Groups on Campus CSUEB: Intro to Google Agent Development Kit
byugoti
 
PDF
Comprehensive Logging with mORMot 2 on Delphi and FPC
byArnaud Bouchez
 
PPTX
Digital Twins for RolandRust U Maryland 20251030 v14.pptx
byhome
 
PDF
The Ultimate Guide to Software POC Development and Validation
byShiv Technolabs Pvt. Ltd.
 
PPTX
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
PDF
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
PDF
Comprehensive Guide to Performance Testing Tools and Services
byKanika Vatsyayan
 
PDF
Everything You Need to Know About White Label Analytics platform.pdf
byVarsha Nayak
 
PDF
Guidewire Connections 2025 PT 6 Unleash the Power of Agentic AI with Guidewire
byBrian Petrini
 
PPTX
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
PDF
Hiring Dedicated Laravel Developers: Cost Breakdown
byShiv Technolabs Pvt. Ltd.
 
PPTX
Advanced Risk Assessment Module for Enhanced Workplace Safety
byEHA Soft Solutions
 
PDF
Build Web, Mobile & Desktop Apps with Flutter
byShiv Technolabs Pvt. Ltd.
 
DOCX
Everything You Need to Know About White Label Analytics platform.docx
byVarsha Nayak
 
PPTX
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
PDF
Master the Critical Path Method (CPM) for Smarter Project Scheduling
byOrangescrum
 
DOCX
The Ultimate Guide to Modern Intranet & Digital Workplace Success
bySharepoint Designs
 
PDF
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
DOCX
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 
Working with Machine Learning in Production
byFrederick Apina
 
Google Developer Groups on Campus CSUEB: Intro to Google Agent Development Kit
byugoti
 
Comprehensive Logging with mORMot 2 on Delphi and FPC
byArnaud Bouchez
 
Digital Twins for RolandRust U Maryland 20251030 v14.pptx
byhome
 
The Ultimate Guide to Software POC Development and Validation
byShiv Technolabs Pvt. Ltd.
 
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
Comprehensive Guide to Performance Testing Tools and Services
byKanika Vatsyayan
 
Everything You Need to Know About White Label Analytics platform.pdf
byVarsha Nayak
 
Guidewire Connections 2025 PT 6 Unleash the Power of Agentic AI with Guidewire
byBrian Petrini
 
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
Hiring Dedicated Laravel Developers: Cost Breakdown
byShiv Technolabs Pvt. Ltd.
 
Advanced Risk Assessment Module for Enhanced Workplace Safety
byEHA Soft Solutions
 
Build Web, Mobile & Desktop Apps with Flutter
byShiv Technolabs Pvt. Ltd.
 
Everything You Need to Know About White Label Analytics platform.docx
byVarsha Nayak
 
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
Master the Critical Path Method (CPM) for Smarter Project Scheduling
byOrangescrum
 
The Ultimate Guide to Modern Intranet & Digital Workplace Success
bySharepoint Designs
 
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 

Security Analytics using ELK stack

  • 1.
    Security Analytics Using^^^ Stack Abhishek Bhuyan
  • 2.
  • 3.
    Disclaimer This is moreof demo session than slides...
  • 4.
    Elasticsearch ● Distributed andAnalytics Engine ○ Query anything - structured, unstructured, geo, metric ○ Analyze - Explore trends and patterns ○ RESTfulAPI ○ Schema Free, JSON Documents ○ Fast and Horizontally Scalable
  • 5.
    Logstash ● Data ProcessingPipeline ○ Ingest Data, Process and Output ■ Ingest Data of many sources (Input Plugins) ■ Parse & Transform data on the fly (Filter Plugins) ■ Change Data Representations (Codec Plugins) ■ Output data to many forms (Output Plugins)
  • 6.
    Beats ● Lightweight DataShippers ○ Data Gathering ■ Filebeat ■ Metricbeat ■ Packetbeat ■ Winlogbeat ■ Heartbeat
  • 7.
    Kibana ● Explore, Visualise,Discover Data ○ Interactive Visualization ○ Custom Dashboards
  • 8.
  • 9.
  • 10.
    What is Analytics? ●Data Driven approach for analyzing logs ● Ask the right question and then figure out what data you need to answer it ○ Helps in modeling your data ○ Helps in choosing the technology or tools you want to use
  • 11.
  • 12.
    “The goal isto turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co.