Attack Monitoring using Elasticsearch, Logstash, Kibana

Trainer Name: Prajal Kulkarni , Shubham Mittal & Himanshu Kumar Das
Title: Attack Monitoring using Elasticsearch, Logstash, Kibana
Duration: 2 Days

Objective

With growing trend of Big data, companies are tend to rely on high cost SIEM solutions. However, with introduction of open source and lightweight cluster management solution like ElasticSearch this has been the highlight of the year. Similarly, the log aggregation has been simplified by logstash and kibana providing a visual look to the complex data structure. This training will exactly cater to this need of having a appropriate log analysis+Detecting Intrusion+Visualizing data in a powerful interface.

This training is meant for security enthusiast, Server DevOps, and startups. This will be a great learning to setup one's own ELK environment in their organization.

Course Outline

ElasticSearch

• Overview & Architecture of Elk 
• Setting up ElasticSearch
• Overview of ElasticSearch APIs
• Various plugins of elasticsearch and Use of it

Dumping data into ElasticSearch

• How to write logstash grok filters
• Setting up logstash forwarder
• Social Media Monitoring using ELK

Visualisation

• Overview of Kibana Dashboard
• Setting up Visualizations in Kibana
• Setting up multiple dashboards in Kibana

Alerting and Case Studies

• Overview Of ElastAlert
• Creating and Testing for Rules
• Setting up different Rule Types
• Aggregating and Sub-aggregating filters
• Setting up an Alerter
• Attack alerting using ELK setup
• System profiling using OSQuery

What to expect

Once you take this course you should be able to have detailed knowledge of how ELK architechture works in an environment and apply the same knowledge to your company architecture.
This will help you to develop in house Intrusion Detection system using the same ELK architechture.

Who Should Attend?

Server admins, Security enthusiasts, Startups having no budget to procure commercial SIEM solutions.

What not to expect

We will not be covering ELK scaling techniques. This training is more oriented to understand the working of ELK and leveraging this to an Intrusions Detection System.

What you will get

• Tools and software provided for the training.
• Completely documented script and programs
• A simple to follow step by step walk through of the entire training in a PDF file
• Virtual machines with code used during the training so that you can even practice after the training is over.

What you should get

• A laptop with administrator privileges.
• 30 GB of free Hard Disk Space.
• Ideally 8 GB of RAM but minimum 4 GB.
• Laptop should have a working wireless and wired/Ethernet connection.
• Latest Oracle Virtualbox(preferred) or VMWare Workstation or VMWare Fusion installed
• Other virtualization software might work but we will not be able to provide support for that.

About the Trainers

Prajal Kulkarni

Prajal Kulkarni, is a Security Researcher currently working with FlipKart. He is an active member of Null Security Community for the past 3 Years. His area of interest includes Web and mobile application security. He writes a security blog at www.prajalkulkarni.com and he is also the lead contributor at project Code Vigilant . In the past he has disclosed several vulnerabilities in core components of GLPI, BugGenie, Owncloud etc. He has also reported many security vulnerabilities to companies like Adobe, Twitter, Facebook, Google, Mozilla and is also acknowledged on their Hall of fame. He has spoken at the GraceHopper'13 security conference.

Himanshu Kumar Das

Himanshu Kumar Das, is a security researcher with hands on experience in Web Application Security, Network Security and Mobile (primarily Android) Security. Himanshu is currently working with FlipKart. Himanshu enjoys to code/learn in python. Himanshu participates in CTF’s representing Team SegFault. Himanshu has won Nullcon JailBreak 2012 and had been architect for HackIM CTF since 2012.

Shubham Mittal

Shubham is a Security Engineer with 4+ years of experience in AppSec and Network PT. He has given many trainings and also has been champion for a bunch of Humla Sessions at Null. He has reported many security vulnerabilities in Big giants i.e. Yahoo, Google, FB, Apple, Microsoft and has been AT&T Top 10 Bug Bounty Hunter as well. Shubham loves python and currently he is exploring the same for OSINT flavour. He has also been a contributor in HackIM 2013 and 2014.
In his free time, he tries his luck with Bug Bounties or rides his bike.