Building your first SIEM with the Elastic Stack

Presented at SAINTCON 2019, Oct. 24, 2019, 11 a.m. (30 minutes)

Correctly implemented, a Security Information and Event Manager (SIEM) is one of the best tools a blue team has in defending a network. This presentation covers introductory topics about SIEMs including what they are, why you need one, and the considerations that one must take in building one. We will discuss the types of events that a SIEM can detect We will discuss the core technologies involved and demonstrate the setup of a SIEM with ElasticSearch, Logstash, Kibana, RabbitMQ, ElastAlert, and Zeek. Slides: <https://slides.com/cronocide/building-your-first-siem> Tutorial: <https://www.cronocide.com/post/byfswtes/>

Presenters:

• Daniel Dayley - Sling TV
  If somebody told you that I was just an ordinary guy with an ordinary security job, somebody had it pretty much right. I dabble in reverse engineering, jailbreaking everything, electrical engineering, not putting 'and's' at the end of lists. When I'm not expressing strong opinions about the fate of macOS in an alternate reality in which the iPhone never existed, I'm usually struggling with homework from my never ending stream of Computer Science courses at UVU. I can't game, but I can swim, and I think climbing rocks!

Links:

• https://saintcon2019.sched.com/event/W6Uj/building-your-first-siem-with-the-elastic-stack
• https://infocon.org/cons/SAINTCON/SAINTCON 2019/Daniel Dayley - Building your first SIEM with the Elastic Stack.mp4
• https://infocon.org/cons/SAINTCON/SAINTCON 2019/Daniel Dayley - Building your first SIEM with the Elastic Stack.eng.srt (subtitles)
• https://www.youtube.com/watch?v=jyl13RQniDY

Similar Presentations:

• BSidesDC 2019 / What did the SIEM See?
• ShmooCon XIV (2018) / This Is Not Your Grandfather's SIEM
• BSides Austin 2017 / Forget enumerating a network, hack the SIEM and win the war