The document discusses using the ELKB stack for security analytics. It describes the roles of Elasticsearch for data storage and querying, Logstash for data ingestion and processing, Beats for data collection, and Kibana for visualization. It notes that the session will demonstrate using these tools to turn log and event data into insights through analytics by asking the right questions and modeling the data needed to answer them.

1. Security Analytics Using ^^^ Stack
Abhishek Bhuyan

2. ELKB Stack

3. Disclaimer
This is more of demo session than
slides...

4. Elasticsearch
● Distributed and Analytics Engine
○ Query anything - structured, unstructured, geo, metric
○ Analyze - Explore trends and patterns
○ RESTfulAPI
○ Schema Free, JSON Documents
○ Fast and Horizontally Scalable

5. Logstash
● Data Processing Pipeline
○ Ingest Data, Process and Output
■ Ingest Data of many sources (Input Plugins)
■ Parse & Transform data on the fly (Filter Plugins)
■ Change Data Representations (Codec Plugins)
■ Output data to many forms (Output Plugins)

6. Beats
● Lightweight Data Shippers
○ Data Gathering
■ Filebeat
■ Metricbeat
■ Packetbeat
■ Winlogbeat
■ Heartbeat

7. Kibana
● Explore, Visualise, Discover Data
○ Interactive Visualization
○ Custom Dashboards

8. Evolution of Cyber Threats

9. Evolution of Cyber Threats

10. What is Analytics?
● Data Driven approach for analyzing logs
● Ask the right question and then figure out what data you need
to answer it
○ Helps in modeling your data
○ Helps in choosing the technology or tools you want to use

11. Let’s Demo

12. “The goal is to turn data into information, and information into
insight.”
– Carly Fiorina, former CEO, Hewlett-Packard Co.