How To Use The Elastic Stack as a SIEM - John Hubbard

54,934 views

John Hubbard

A day ago

Comments: 21
@MisterOA 3 years ago
This is definitely one of the best resources on the internet on the subject. Thank you for sharing, John.
@EasyMac308 5 years ago
This should definitely have more views. I found it via John Hagen's SOF-ELK SANS webcast. Thanks!
@Nurof3n_ 5 months ago
I learned so many things from this, and not just about the Elastic Stack.
@Z0nd4 5 years ago
Great video! Please do more videos on ELK SIEM.
@mauriziodalre7360 4 years ago
Very interesting, but one of the main features of a SIEM is correlation: how do you implement simple/complex correlation rules in ELK?
@fernandoalencar3767 2 years ago
Amazing content! A lot of it still applies today! Thanks John!
@GMDGeek 5 years ago
Going to give this a watch tonight - curious to see if you discuss limitations or the infrastructure needed to run it at large scale.
@shameersirajuddin1490 A year ago
Masterful way of introducing a complex topic and diving deep while still keeping it interesting, relevant & comprehensive. I wish more creators shared your clarity.
@vuhaiang2852 2 years ago
Excellent content, brilliant work you've done there. Thank you so much for making this video. I feel lucky to have found your channel.
@Schlumpfpirat 5 years ago
Hey, something that was unclear - why do you send the data to Logstash with Filebeat, as it only seems to be able to create one fixed index, while your Kibana source showed a more granular, date-incrementing Filebeat index, indicating that you sent the data directly to Elasticsearch? If you could elaborate on that, that'd be cool. Also, I'm not quite sure I got the hang of what the benefit of using Logstash vs. Elasticsearch as a collector is; I get that you can somehow "enrich" data, which sounds good, but it's actually unclear to me how it fares in a production scenario.
@am0x01 3 years ago
Are there any recommendations for distributed architecture hardware requirements?
@rockade2408 4 years ago
Your explanation of Schema is completely WRONG.
@VIPMakhana 11 months ago
@ravis3754 2 years ago
Thank you, John, for this awesome content you put together.
@dbencomo 5 years ago
Very interesting talk, a complement to SEC555. Thank you, John.
@ashutosh567 5 years ago
Great learning material! Maybe some examples of a logstash conf file with a firewall configuration would be useful!
@dbencomo 5 years ago
John, are the slides available somewhere?
@twistable_deer 5 years ago
Very good video. Thank you!
@RichardBejtlich 5 years ago
Very helpful, thank you John.
@khaledshokry9223 5 years ago
Thank you!!
@ivan_torres 3 years ago
Thank you so much for this video, I really appreciate your knowledge and efforts!!!