Big SIEM Energy at micro-SIEM cost

Presented at BSidesLV 2023, Aug. 9, 2023, 3 p.m. (Unknown duration).

What if you've got a major need to, well, manage security incidents and events in your AWS infrastructure but you're just not feeling the GuardDuty vibes? There are a million reasons why you may have specific security monitoring requirements that aren't fulfilled by heavy-duty solutions. GuardDuty comes with an assortment of pre-built rules for detecting traditional threats to your infrastructure, tuned specifically for AWS and the average usage of AWS, but what if that's too much for your use cases or your budget? One size fits all, but rarely does it fit well. This talk will provide a detailed template for a micro-SIEM tuned to your specific needs, using cost-effective AWS services such as EventBridge, CloudTrail, SNS, and Chatbot. Discover how to replicate this approach in your own environment or scale similar concepts to a CSP of your choice.
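The pipeline the abstract names (CloudTrail events delivered to EventBridge, a rule that filters them, and an SNS topic that Chatbot relays to a chat channel) hinges on the EventBridge event pattern attached to the rule. The following is an added example, not code from the talk or from AWS: it implements the subset of EventBridge pattern semantics a micro-SIEM rule typically uses (exact values, lists of alternatives, `prefix`, `anything-but`, `exists`) and evaluates a constructed IAM-change pattern against constructed CloudTrail events, so the rule can be unit-tested before it is deployed. The pattern, the event samples, and the function names are assumptions made for this example; the event shape (`detail-type` of `AWS API Call via CloudTrail`, CloudTrail fields under `detail`) is the documented shape EventBridge uses for CloudTrail-delivered API calls.

```python
"""Evaluate an EventBridge-style event pattern against CloudTrail events.

Added example for testing a micro-SIEM rule offline. Everything below is
constructed: the pattern is one a practitioner might attach to an
EventBridge rule whose target is an SNS topic (which AWS Chatbot then
forwards to chat), and the sample events imitate CloudTrail API calls as
EventBridge delivers them.
"""
from typing import Any

# Constructed rule: flag write-type IAM calls made with long-term credentials,
# and suppress the same calls when made through an assumed role (automation).
IAM_CHANGE_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": [{"prefix": "Create"}, {"prefix": "Put"},
                      {"prefix": "Attach"}, "DeleteUser"],
        "userIdentity": {"type": [{"anything-but": "AssumedRole"}]},
    },
}


def _leaf_matches(value: Any, rule: Any) -> bool:
    """Match one event value against one alternative from a pattern list."""
    if isinstance(rule, dict):                      # content filter
        if "prefix" in rule:
            return isinstance(value, str) and value.startswith(rule["prefix"])
        if "anything-but" in rule:
            excluded = rule["anything-but"]
            excluded = excluded if isinstance(excluded, list) else [excluded]
            return value not in excluded
        if "exists" in rule:                        # key is present if we got here
            return rule["exists"] is True
        raise ValueError(f"unsupported content filter: {rule}")
    return value == rule                            # exact string/number/bool


def matches(event: dict, pattern: dict) -> bool:
    """Return True if the event satisfies every key in the pattern."""
    for key, rule in pattern.items():
        if isinstance(rule, dict):                  # nested object pattern
            sub = event.get(key)
            if not isinstance(sub, dict) or not matches(sub, rule):
                return False
            continue
        # Leaf: EventBridge requires a list of alternatives here.
        if key not in event:
            # Only {"exists": false} can match a missing key.
            if any(isinstance(r, dict) and r.get("exists") is False for r in rule):
                continue
            return False
        values = event[key] if isinstance(event[key], list) else [event[key]]
        if not any(_leaf_matches(v, r) for v in values for r in rule):
            return False
    return True


def _cloudtrail_event(source: str, event_source: str, name: str, identity_type: str) -> dict:
    """Build a constructed CloudTrail-via-EventBridge event (not a real record)."""
    return {
        "detail-type": "AWS API Call via CloudTrail",
        "source": source,
        "detail": {
            "eventSource": event_source,
            "eventName": name,
            "userIdentity": {"type": identity_type},
        },
    }


# Constructed sample events: two should alert, two should be suppressed.
EVENTS = [
    _cloudtrail_event("aws.iam", "iam.amazonaws.com", "CreateAccessKey", "IAMUser"),
    _cloudtrail_event("aws.iam", "iam.amazonaws.com", "CreateAccessKey", "AssumedRole"),
    _cloudtrail_event("aws.iam", "iam.amazonaws.com", "GetUser", "IAMUser"),
    _cloudtrail_event("aws.s3", "s3.amazonaws.com", "PutBucketPolicy", "IAMUser"),
    _cloudtrail_event("aws.iam", "iam.amazonaws.com", "DeleteUser", "IAMUser"),
]


def triage(events: list, pattern: dict = IAM_CHANGE_PATTERN) -> list:
    """Return the eventNames the rule would forward to its SNS target."""
    return [e["detail"]["eventName"] for e in events if matches(e, pattern)]


if __name__ == "__main__":
    print(triage(EVENTS))  # ['CreateAccessKey', 'DeleteUser']
```

Once the pattern behaves as intended against sample events, the same JSON can be supplied to `aws events put-rule --event-pattern` and the rule pointed at the SNS topic that Chatbot subscribes to; keeping the pattern in source control with tests like these is what lets a micro-SIEM stay cheap without drifting into silent misses.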

Presenters:

  • Kenneth Kaye
    Over the past 17 years, Kenneth has performed just about every job in the security space that exists: from incident response to malware reverse-engineering to red-teaming to threat hunting, DDoS defense, cyberthreat intelligence analysis, research & development, compliance, automation, and secure architecture design & engineering. Throughout it all his primary goal has always been to automate himself out of that job so he can learn and do new things. Whatever comes next, one thing is certain: he doesn't like to sit still.
