Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020

10. Sep 2020
0 gefällt mir 881 Aufrufe
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Nächste SlideShare
Keep your Metadata Repository Current with Event-Driven Updates using CDC and...
Keep your Metadata Repository Current with Event-Driven Updates using CDC and...
Wird geladen in …3
×

Hier ansehen

Kafka Lag Monitoring For Human Beings (Elad Leev, AppsFlyer) Kafka Summit 2020
HostedbyConfluent
SingleStore & Kafka: Better Together to Power Modern Real-Time Data Architect...
HostedbyConfluent
Agile Data Integration: How is it possible?
confluent
Streaming Data Analytics with ksqlDB and Superset | Robert Stolz, Preset
HostedbyConfluent
Moving 150 TB of data resiliently on Kafka With Quorum Controller on Kubernet...
HostedbyConfluent
Developing a custom Kafka connector? Make it shine! | Igor Buzatović, Porsche...
HostedbyConfluent
0-330km/h: Porsche's Data Streaming Journey | Sridhar Mamella, Porsche
HostedbyConfluent
Kafka at the core of an AIOps pipeline | Sunanda Kommula, Selector.ai and Ala...
HostedbyConfluent
1 von 25 Anzeige

Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020

10. Sep 2020
0 gefällt mir 881 Aufrufe

Herunterladen, um offline zu lesen

Technologie

SIEM platforms are essential to the new cybersecurity paradigm and data collection layer is a very important piece of it.

When you deliver a new platform, you can easily get lost in a variety of different vendors and solutions, too many challenges are facing. What if I change vendors, will I keep my data? How to feed multiple tools with the same data? How to collect data from custom apps and services? How to pay less for an expensive platform? How to keep data without a huge cost?

Join us if you are looking for the answers. In this session, you will learn how we replaced the vendor-provided data collection layer with kafka connect and the lessons we learnt. After the talk you will know:
- architecture and real-life examples of the flexible and highly available data collection platform
- custom connectors that do most of the work for us and how to extend the connectors to consume new data, we made them open sourced
- easy way to receive data from thousands of servers and many cloud services
- how to archive data at low cost

You will leave armed with a set of free tools and recipes to build a truly vendor-agnostic data collection platform. It will allow you to take you SIEM costs under control. You will feed your analytics tools with what they need and archive the rest at low cost. You will feed your SIEM smart!

SIEM platforms are essential to the new cybersecurity paradigm and data collection layer is a very important piece of it.

When you deliver a new platform, you can easily get lost in a variety of different vendors and solutions, too many challenges are facing. What if I change vendors, will I keep my data? How to feed multiple tools with the same data? How to collect data from custom apps and services? How to pay less for an expensive platform? How to keep data without a huge cost?

Join us if you are looking for the answers. In this session, you will learn how we replaced the vendor-provided data collection layer with kafka connect and the lessons we learnt. After the talk you will know:
- architecture and real-life examples of the flexible and highly available data collection platform
- custom connectors that do most of the work for us and how to extend the connectors to consume new data, we made them open sourced
- easy way to receive data from thousands of servers and many cloud services
- how to archive data at low cost

You will leave armed with a set of free tools and recipes to build a truly vendor-agnostic data collection platform. It will allow you to take you SIEM costs under control. You will feed your analytics tools with what they need and archive the rest at low cost. You will feed your SIEM smart!

Technologie
Anzeige

Empfohlen

Keep your Metadata Repository Current with Event-Driven Updates using CDC and...
confluent
1.1k Aufrufe
16 Folien
Distributed Data Storage & Streaming for Real-time Decisioning Using Kafka, S...
HostedbyConfluent
727 Aufrufe
13 Folien
DataOps Automation for a Kafka Streaming Platform (Andrew Stevenson + Spiros ...
HostedbyConfluent
896 Aufrufe
22 Folien
Cloud-Based Event Stream Processing Architectures and Patterns with Apache Ka...
HostedbyConfluent
567 Aufrufe
37 Folien
Accelerating Innovation with Apache Kafka, Heikki Nousiainen | Heikki Nousiai...
HostedbyConfluent
222 Aufrufe
20 Folien
How to Discover, Visualize, Catalog, Share and Reuse your Kafka Streams (Jona...
HostedbyConfluent
1.7k Aufrufe
14 Folien
How a Data Mesh is Driving our Platform | Trey Hicks, Gloo
HostedbyConfluent
584 Aufrufe
34 Folien
Developing custom transformation in the Kafka connect to minimize data redund...
HostedbyConfluent
254 Aufrufe
20 Folien
Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Kafka Lag Monitoring For Human Beings (Elad Leev, AppsFlyer) Kafka Summit 2020
HostedbyConfluent
5k Aufrufe
SingleStore & Kafka: Better Together to Power Modern Real-Time Data Architect...
HostedbyConfluent
391 Aufrufe
Agile Data Integration: How is it possible?
confluent
932 Aufrufe
Streaming Data Analytics with ksqlDB and Superset | Robert Stolz, Preset
HostedbyConfluent
1.7k Aufrufe
Moving 150 TB of data resiliently on Kafka With Quorum Controller on Kubernet...
HostedbyConfluent
419 Aufrufe
Developing a custom Kafka connector? Make it shine! | Igor Buzatović, Porsche...
HostedbyConfluent
80 Aufrufe
0-330km/h: Porsche's Data Streaming Journey | Sridhar Mamella, Porsche
HostedbyConfluent
164 Aufrufe
Kafka at the core of an AIOps pipeline | Sunanda Kommula, Selector.ai and Ala...
HostedbyConfluent
432 Aufrufe
Death of the dumb pipes: Using Apache Kafka® for Integration projects
HostedbyConfluent
108 Aufrufe
How a distributed graph analytics platform uses Apache Kafka for data ingesti...
HostedbyConfluent
799 Aufrufe
Building Retry Architectures in Kafka with Compacted Topics | Matthew Zhou, V...
HostedbyConfluent
346 Aufrufe
Kubernetes connectivity to Cloud Native Kafka | Evan Shortiss and Hugo Guerre...
HostedbyConfluent
214 Aufrufe
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
HostedbyConfluent
323 Aufrufe
Azure Cosmos DB Kafka Connectors | Abinav Rameesh, Microsoft
HostedbyConfluent
167 Aufrufe
How to use Standard SQL over Kafka: From the basics to advanced use cases | F...
HostedbyConfluent
230 Aufrufe
The Migration to Event-Driven Microservices (Adam Bellemare, Flipp) Kafka Sum...
confluent
2k Aufrufe
Testing Event Driven Architectures: How to Broker the Complexity | Frank Kilc...
HostedbyConfluent
931 Aufrufe
Maximize the Business Value of Machine Learning and Data Science with Kafka (...
confluent
1k Aufrufe
Using Kafka as a Database For Real-Time Transaction Processing | Chad Preisle...
HostedbyConfluent
581 Aufrufe
Integrating Apache Kafka and Elastic Using the Connect Framework
confluent
4.5k Aufrufe
Kafka Lag Monitoring For Human Beings (Elad Leev, AppsFlyer) Kafka Summit 2020
HostedbyConfluent
5k Aufrufe
60 Folien
SingleStore & Kafka: Better Together to Power Modern Real-Time Data Architect...
HostedbyConfluent
391 Aufrufe
18 Folien
Agile Data Integration: How is it possible?
confluent
932 Aufrufe
25 Folien
Streaming Data Analytics with ksqlDB and Superset | Robert Stolz, Preset
HostedbyConfluent
1.7k Aufrufe
33 Folien
Moving 150 TB of data resiliently on Kafka With Quorum Controller on Kubernet...
HostedbyConfluent
419 Aufrufe
15 Folien
Developing a custom Kafka connector? Make it shine! | Igor Buzatović, Porsche...
HostedbyConfluent
80 Aufrufe
26 Folien

Ähnlich wie Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020 (20)

Big data conference europe real-time streaming in any and all clouds, hybri...
Timothy Spann
793 Aufrufe
Scenic City Summit (2021): Real-Time Streaming in any and all clouds, hybrid...
Timothy Spann
740 Aufrufe
Introduction to Apache Mesos and DC/OS
Steve Wong
337 Aufrufe
DevOps and Continuous Delivery with CloudFoundry
Johannes Rudolph
287 Aufrufe
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
Cisco DevNet
844 Aufrufe
OS for AI: Elastic Microservices & the Next Gen of ML
Nordic APIs
263 Aufrufe
.NET Cloud-Native Bootcamp- Los Angeles
VMware Tanzu
441 Aufrufe
Microsoft Azure Explained - Hitesh D Kesharia
HARMAN Services
3.3k Aufrufe
Continuous delivery and DevOps with CloudFoundry
Johannes Rudolph
247 Aufrufe
Gs08 modernize your data platform with sql technologies wash dc
Bob Ward
812 Aufrufe
Music city data Hail Hydrate! from stream to lake
Timothy Spann
688 Aufrufe
Service fabric and azure service fabric mesh
Mikkel Mørk Hegnhøj
111 Aufrufe
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Jack-Junjie Cai
1.2k Aufrufe
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
David Currie
2.2k Aufrufe
.NET Cloud-Native Bootcamp
VMware Tanzu
741 Aufrufe
Zero to 1000+ Applications - Large Scale CD Adoption at Cisco with Spinnaker ...
DevOps.com
251 Aufrufe
Sqlviking
Jonn Callahan
290 Aufrufe
Billions of Messages in Real Time: Why Paypal & LinkedIn Trust an Engagement ...
confluent
366 Aufrufe
How to Build a Multi-DC Cassandra Cluster in AWS with OpsCenter LCM
Anant Corporation
1.2k Aufrufe
Open shift and docker - october,2014
Hojoong Kim
10k Aufrufe
Big data conference europe real-time streaming in any and all clouds, hybri...
Timothy Spann
793 Aufrufe
32 Folien
Scenic City Summit (2021): Real-Time Streaming in any and all clouds, hybrid...
Timothy Spann
740 Aufrufe
29 Folien
Introduction to Apache Mesos and DC/OS
Steve Wong
337 Aufrufe
44 Folien
DevOps and Continuous Delivery with CloudFoundry
Johannes Rudolph
287 Aufrufe
16 Folien
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
Cisco DevNet
844 Aufrufe
28 Folien
OS for AI: Elastic Microservices & the Next Gen of ML
Nordic APIs
263 Aufrufe
35 Folien
Anzeige

Weitere von HostedbyConfluent (20)

Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
HostedbyConfluent
246 Aufrufe
Streaming Time Series Data With Kenny Gorman and Elena Cuevas | Current 2022
HostedbyConfluent
64 Aufrufe
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
HostedbyConfluent
75 Aufrufe
Reimagining Customer Experiences With Confluent With Phani Bhattiprolu and Ra...
HostedbyConfluent
32 Aufrufe
How PubSub Helped Build Vox Media’s Data Applications With Moses Musaelian | ...
HostedbyConfluent
39 Aufrufe
How Snowflake Sink Connector Uses Snowpipe’s Streaming Ingestion Feature, Jay...
HostedbyConfluent
224 Aufrufe
Dead Letter Queues for Kafka Consumers in Robinhood, Sreeram Ramji and Wenlon...
HostedbyConfluent
562 Aufrufe
Getting Advertiser Budget Just Right at Reddit With S. Yedida & N. Ramasubram...
HostedbyConfluent
113 Aufrufe
Monitoring Exascale Supercomputers With Tim Osborne | Current 2022
HostedbyConfluent
28 Aufrufe
Designing a Feedback Loop for Event-Driven Data Sharing With Teresa Wang | Cu...
HostedbyConfluent
45 Aufrufe
Handing Failure With Grace in Kafka Streams With Walker Carlson | Current 2022
HostedbyConfluent
44 Aufrufe
Under the Covers: Segments of Apache Kafka With Kirill Kulikov | Current 2022
HostedbyConfluent
37 Aufrufe
When NOT to Use Apache Kafka? With Kai Waehner | Current 2022
HostedbyConfluent
515 Aufrufe
Designing Topic Structures for Data Resiliency and Disaster Recovery With Jus...
HostedbyConfluent
48 Aufrufe
Online Machine Learning on Streaming Data With River and Bytewax With Zander ...
HostedbyConfluent
76 Aufrufe
Balance Your Data Across Apache Kafka Partitions With Olena Kutsenko | Curren...
HostedbyConfluent
48 Aufrufe
Next Gen Data Modeling in the Open Data Platform With Doron Porat and Liran Y...
HostedbyConfluent
45 Aufrufe
Wikipedia’s Event Data Platform, Or: JSON Is Okay Too With Andrew Otto | Curr...
HostedbyConfluent
111 Aufrufe
Deep Dive Into Kafka Tiered Storage With Satish Duggana | Current 2022
HostedbyConfluent
126 Aufrufe
You’re Spiky and We Know It With Ravindra Bhanot | Current 2022
HostedbyConfluent
164 Aufrufe
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
HostedbyConfluent
246 Aufrufe
47 Folien
Streaming Time Series Data With Kenny Gorman and Elena Cuevas | Current 2022
HostedbyConfluent
64 Aufrufe
35 Folien
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
HostedbyConfluent
75 Aufrufe
34 Folien
Reimagining Customer Experiences With Confluent With Phani Bhattiprolu and Ra...
HostedbyConfluent
32 Aufrufe
11 Folien
How PubSub Helped Build Vox Media’s Data Applications With Moses Musaelian | ...
HostedbyConfluent
39 Aufrufe
10 Folien
How Snowflake Sink Connector Uses Snowpipe’s Streaming Ingestion Feature, Jay...
HostedbyConfluent
224 Aufrufe
14 Folien

Aktuellste (20)

ALLOW US TO RESTORE YOUR PEACE OF MIND FAST
RestorationsPro
0 Aufrufe
Lesson 26- Excel Lesson 11.pptx
rubben7
0 Aufrufe
Computer applications.pptx
Emmanuel235416
0 Aufrufe
OS_Ch06.pdf
ismailsaleh63
0 Aufrufe
Lesson 3- Get Started With Your First Computer 2.pptx
rubben7
0 Aufrufe
ROLE-OF-ICT-IN-RECENT-HISTORY.pptx
ajperos
0 Aufrufe
Lesson 25- Excel Lesson 10.pptx
rubben7
0 Aufrufe
Developer-friendly SAST in DevOps Pipeline.pptx
SamSbp
0 Aufrufe
Unit-II-part 3.pdf
ayushsrivastava750286
3 Aufrufe
Neel_Flutter_Intership_slideshare (1).pdf
NeelModi29
0 Aufrufe
Pitch-Deck-Collaborate-in-the-Cloud-with-Microsoft-365.pptx
JibinChacko11
0 Aufrufe
Lesson 27 - Excel Lesson 13.pptx
rubben7
0 Aufrufe
KAPCO INTERNSHIP REPORT..docx
MUHAMMADABDULLAH331091
0 Aufrufe
Computer Vision Landscape : Present and Future
Sanghamitra Deb
0 Aufrufe
Lesson 24- Excel Lesson 9.pptx
rubben7
0 Aufrufe
procon-p14g-ph-sensor-data-sheet.pdf
greg593545
2 Aufrufe
prace_days_ml_2019.pptx
ssuserf583ac
0 Aufrufe
Priority_Scheduling.pptx
SoumyaPanja2
0 Aufrufe
Outlook.pptx
rubben7
0 Aufrufe
160110_ChameleonMini_history_smaller.pdf
christopheradams878824
0 Aufrufe
ALLOW US TO RESTORE YOUR PEACE OF MIND FAST
RestorationsPro
0 Aufrufe
13 Folien
Lesson 26- Excel Lesson 11.pptx
rubben7
0 Aufrufe
21 Folien
Computer applications.pptx
Emmanuel235416
0 Aufrufe
36 Folien
OS_Ch06.pdf
ismailsaleh63
0 Aufrufe
89 Folien
Lesson 3- Get Started With Your First Computer 2.pptx
rubben7
0 Aufrufe
21 Folien
ROLE-OF-ICT-IN-RECENT-HISTORY.pptx
ajperos
0 Aufrufe
6 Folien
Anzeige

Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020

  1. 1. Feed Your SIEM Smart with Kafka Connect Vitalii Rudenskyi Security Architect, McKesson Corp
  2. 2. Motivation and Background
  3. 3. Why We Started It’s not a mistake to make a mistake, but it’s a mistake to repeat the same mistake
  4. 4. Requirements ★ Logs collection to be vendor agnostic ★ Feed different analytics tools ★ Data filtering and cleaning ★ Existing data retention requirements ★ Scalable and highly available
  5. 5. Anticipated Challenges ★ Amount of data and number of sources ★ Variety of different formats ★ SaaS/PaaS applications and public Clouds ★ Cloud SIEM
  6. 6. Kafka Connect
  7. 7. The Three Keys That Open The Door
  8. 8. How to Collect Data
  9. 9. The Three Keys ‘Push’ Connector ‘Pull’ Connector Transformations Library
  10. 10. Push - NettySource Connector ★ Unified: “all-in-one” different transport and protocols ★ Scalable: multiple tasks supported ★ Available: works behind a LB (health checks supported) ★ Configurable: multiple protocols (plain text, syslog, http, snmp, netflow) ★ Customizable: custom implementations supported
  11. 11. NettySource Connector Common deployment model
  12. 12. Pull - PollableAPIClient Connector ★ Simple: easy new connectors development ★ Scalable: multiple tasks/partitions supported ★ Configurable: interval and scheduled (cron-style) polls, retry/backoff, resettable offsets ★ Customizable: custom implementations supported
  13. 13. PollableAPIClient Connector
  14. 14. PollableAPIClient Connector 25+ ApiClient implementations
  15. 15. Transformations Library ★ Can transform different parts of a kafka message ★ Supports “if” conditions
  16. 16. Takeaways
  17. 17. Highly Available NettySource Connector
  18. 18. Headers All The Way ★ Track origin of the data ★ Conditional routing ★ Tagging in ‘chained’ transformations ★ SIEM specific metadata
  19. 19. Syslog: Take Port 514 Under Control Multi-rules RegexRouter config
  20. 20. Data archiving solution ★ Pair of source and sink connectors ★ One connector for all topics ★ Compressed ★ Easy to restore
  21. 21. ★ Monitoring is essential ★ Keep original data ★ Be cautious when using “heavy” transformations in source connectors
  22. 22. 5 kafka clusters 20+ kafka connect clusters 530+ deployed connectors 7+TB of data daily
  23. 23. What is the next...
  24. 24. We share! ★ NettySource Connector https://github.com/vrudenskyi/kafka-connect-netty-source ★ PollableAPIClient Connector https://github.com/vrudenskyi/kafka-connect-pollable-source https://github.com/vrudenskyi/kafka-connect-api-clients ★ Transformations Library https://github.com/vrudenskyi/kafka-connect-transform
  25. 25. Q & Avrudenskyi@gmail.com https://www.linkedin.com/in/vrudenskyi/

×