This is definitely one of the best resources on the internet on the subject. Thank you for sharing John.
@shameersirajuddin1490 1 year ago
Masterful way of introducing a complex topic, diving deep and still keeping it interesting, relevant & comprehensive. I wish more creators shared your clarity.
@Nurof3n_ 9 months ago
I learned so many things from this and not just about the elastic stack
@EasyMac308 5 years ago
This should definitely have more views. I found it via John Hagen's SOF-ELK SANS webcast. Thanks!
@fernandoalencar3767 2 years ago
Amazing content! A lot of it still applies today! Thanks John!
@vuhaiang2852 2 years ago
Excellent content, brilliant work you've done there. Thank you so much for making this video. I feel lucky to have found your channel.
@ravis3754 2 years ago
Thank you Jon for this awesome content put together.
@Z0nd4 5 years ago
Great video! Please do more videos of ELK SIEM
@GMDGeek 6 years ago
Going to give this a watch tonight - curious to see if you discuss limitations or infrastructure to run it large scale.
@dbencomo 5 years ago
Very interesting talk, a complement to SEC555. Thank you John.
@kepenge 3 years ago
Are there any recommendations for distributed-architecture hardware requirements?
@ashutosh567 5 years ago
Great learning material! Maybe an example of a Logstash conf file with a firewall configuration would be useful!
@twistable_deer 5 years ago
Very good video. Thank you!
@mauriziodalre7360 5 years ago
Very interesting, but one of the main features of a SIEM is correlation: how to implement simple/complex correlation rules in ELK?
@ivan_torres 3 years ago
Thank you so much for this video, I really appreciate your knowledge and efforts!!!
@RichardBejtlich 5 years ago
Very helpful, thank you John.
@dbencomo 5 years ago
John, are the slides available somewhere?
@khaledshokry9223 5 years ago
Thank you!!
@Schlumpfpirat 5 years ago
Hey, something that was unclear: why do you send the data to Logstash with Filebeat, as it only seems to be able to create one fixed index, while your Kibana source showed a more granular, date-increasing Filebeat index, indicating that you sent the data directly to Elasticsearch? If you could elaborate on that, that'd be cool. Also I'm not quite sure I got the hang of what the benefit of using Logstash vs Elasticsearch as a collector is; I get that you can somehow "enrich" data, which sounds good, but it's actually unclear how that fares in a production scenario.
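Editor's note: two of the comments above ask for a Logstash conf example for firewall logs and how a Filebeat -> Logstash path ends up in date-based indices. The pipeline below is an added example, not code from the talk or from any commenter. The firewall log format (an iptables-style kernel syslog line), the field names, the listening port and the Elasticsearch host are all assumptions chosen for illustration.

```logstash
# Added example (not from the talk or the comments): Filebeat -> Logstash -> Elasticsearch
# for a firewall log. Log format, field names, port and hosts below are assumptions.
input {
  beats {
    port => 5044            # Filebeat's output.logstash points here
  }
}

filter {
  # Constructed sample line this grok expects (iptables-style syslog, assumed format):
  # Mar 10 12:34:56 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=51234 DPT=22
  grok {
    match => {
      "message" => "%{SYSLOGTIMESTAMP:fw_timestamp} %{HOSTNAME:fw_host} kernel: IN=%{WORD:in_iface} OUT=%{DATA:out_iface} SRC=%{IP:src_ip} DST=%{IP:dst_ip} PROTO=%{WORD:proto}(?: SPT=%{INT:src_port:int} DPT=%{INT:dst_port:int})?"
    }
    tag_on_failure => ["_fw_grok_failure"]
  }

  # Use the firewall's own timestamp as @timestamp rather than the time Logstash received it.
  # Syslog timestamps carry no year; the date filter assumes the current one.
  date {
    match => ["fw_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
  }

  # Enrichment happens here, before indexing: GeoIP for public source addresses only
  # (RFC 1918 ranges have no entry in the database, so skip the lookup).
  if [src_ip] and [src_ip] !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ {
    geoip {
      source => "src_ip"
      target => "src_geo"
    }
  }

  # Once parsed, drop the raw line to save index space; keep it when grok failed so the
  # unparsed event is still searchable for debugging.
  if "_fw_grok_failure" not in [tags] {
    mutate { remove_field => ["message", "fw_timestamp"] }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # Daily index named after the shipping beat, e.g. filebeat-7.17.0-2024.03.10.
    # The index name is set by Logstash, not by Filebeat, so the pattern is under your control.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

The `index` option on the `elasticsearch` output is evaluated per event, so a Filebeat -> Logstash path produces the same date-suffixed indices one would see when Filebeat writes to Elasticsearch directly. The difference is where parsing and enrichment run: with Logstash in the path, grok, date normalisation and lookups such as GeoIP happen before the event is indexed; without it, that work falls to Elasticsearch ingest pipelines. Two caveats a practitioner would want: in production the `beats` input should terminate TLS (`ssl => true` with `ssl_certificate` and `ssl_key`, and client verification if agents can be impersonated), and every `_fw_grok_failure` tag should be counted and alerted on, since a firewall format change that silently breaks parsing also silently blinds the SIEM.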