ET-1212 Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 11 a.m. (60 minutes)

This presentation shows how to use Splunk to provide the analyst with a comprehensive view of AWS/GCP/Azure security posture. Presenters will outline how to ingest the audit data produced by the open source tool [Cloud Security Suite](https://github.com/SecurityFTW/cs-suite) into Splunk to analyze cloud vulnerabilities, harden multi-cloud deployments and visualize the multi-cloud threat surface. Presenters will also demonstrate use cases based on Splunk knowledge objects (tables, dashboards, alerts, field extractions, lookups, etc.) that take advantage of the information provided by supporting cloud API auditing tools such as the [Scout2](https://github.com/nccgroup/Scout2) and [G-Scout](https://github.com/nccgroup/G-Scout) projects.

**Outline**

* Introduction to security in the cloud
* Cloud provider responsibilities vs. customer responsibilities
* Historic cloud attacks (k8s, S3 buckets, etc.)
* AWS security baseline
* GCP security baseline
* Azure security baseline
* Automated multi-cloud auditing (Cloud Security Suite intro)
* Logical architecture for multiple clouds
* SIEM setup (Splunk, ELK)
* Deployment steps (Splunk setup, cloud security auditing instance)
* Proactive alerting for audit failures
* Cloud security posture dashboard and reports
* Q&A

Presenters:

  • Rod Soto - Splunk
    Rod Soto has over 15 years of experience in information technology and security. He currently works as Principal Security Research Engineer at Splunk. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami and BSides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series. [@rodsoto](https://twitter.com/rodsoto)
  • Jose Hernandez - Splunk
    José is a Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDoS attacks from "Anonymous" and "LulzSec" against Fortune 100 companies. As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. While working at Splunk as a Security Architect, he built and released an auto-mitigation framework that has been used to automatically fight attacks in large organizations. He has also built security operation centers and run a public threat-intelligence service. Although information security has been the focus of his career, José has found that his true passion is in solving problems and creating solutions. As an example, he built an underwater remote-control vehicle called the SensorSub, which was used to test and measure toxicity in Miami's waterways.