Security monitoring log management-describe logstash,kibana,elastic slidshare

•

5 gefällt mir•636 views

Implement your own Log management Develop your tools for Monitoring Understand Elastic implement Elastic, Kibana & Logstash Modern Log parsing

Daten & Analysen

Security Event Monitoring,Log
Management Describe:
“LogStash,Elastic & Kibana"
Present & Gathered by:
Reza Adineh
Cyber Security Specialist
SOC Expert
Forensic Researcher
Contact me:  
https://ir.linkedin.com/in/rezaadineh
 
Feb-2018

Heart of ELK stack: Elasticsearch
Based on Apache Lucene
Shay Banon, Compass to Elasticsearch, released in 2010
In 2012 Elastic was founded in Amsterdam
RESTful search & Analytics engine

Plugin Ecosystem:
Rich Integration & Processing
200+ plugins
Extensible framework to easily build your own plugin
Logstash Plugins Maintainer Program

Need for log analysis
Lets understand why do we need log analysis ?

Problems with log analysis
Lets understand what problems occurred with log analysis ?

Lets now understand what exactly is ELK Stack.

Visualizing logs using ElasticSearch, Logstach & Kibana &
saving millions !

Keep a deeper look at Logs & how implement
ElasticSearch, Logstach & Kibana
Logs & Log structures:

A log is human readable …
A human readable, machine parsable representation of an
event.

Regex ?!
How to parse logs ?
OR Indexing & Labeling

Thinking open source :
Logstash
Graylog
Logalyse
Scribe
Hadooooop
Did you like it ?
Lets look at Logstash …

Already have central Rsyslog/SyslogNg Server ?

Also you can use it as Central Syslog Server
It is too good for Appliances

Use matching input & outputs to Sendﬁle contents to
another log stash for processing.

Further reading on :
logstash.net
logstashbook.com
Juju charms.com/charms/precise/logstash-indexer
Logstash puppet module(github/electrical)

Any question ?
Contact me:  
https://ir.linkedin.com/in/
rezaadineh

Empfohlen

Log analysis using Logstash,ElasticSearch and KibanaAvinash Ramineni

Elasitcsearch + Logstash + Kibana 日誌監控Jui An Huang (黃瑞安)

Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Cohesive Networks

Log management with ELKGeert Pante

Search Analytics with ELK (Elastic Stack)MC+A

Log analysis with the elk stackVikrant Chauhan

Elk Caleb Wang

Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk ServerBizTalk360

Empfohlen

Log analysis using Logstash,ElasticSearch and KibanaAvinash Ramineni

Elasitcsearch + Logstash + Kibana 日誌監控Jui An Huang (黃瑞安)

Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Cohesive Networks

Log management with ELKGeert Pante

Search Analytics with ELK (Elastic Stack)MC+A

Log analysis with the elk stackVikrant Chauhan

Elk Caleb Wang

Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk ServerBizTalk360

ELK introductionWaldemar Neto

Logging with Elasticsearch, Logstash & KibanaAmazee Labs

What's new in Elasticsearch v5Idan Tohami

Log analytics with ELK stackAWS User Group Bengaluru

Metrics, Logs, Transaction Traces, Anomaly Detection at ScaleSematext Group, Inc.

Elasticsearch in NetflixDanny Yuan

Microservices, Continuous Delivery, and Elasticsearch at Capital OneNoriaki Tatsumi

ELK: a log management frameworkGiovanni Bechis

ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri

Elasticsearch JVM-MX Meetup April 2016Domingo Suarez Torres

How to win skeptics to aggregated logging using Vagrant and ELKSkelton Thatcher Consulting Ltd

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...Nagios

The ultimate guide for Elasticsearch pluginsItamar

Using Elastic to Monitor Everything - Christoph Wurm, Elastic - DevOpsDays Te...DevOpsDays Tel Aviv

Practical Elasticsearch - real world use casesItamar

NATE-Central-LogStefan Coetzee

Monitoring as Code - IgniteIcinga

Icinga Camp Bangalore - Icinga2 API use cases and BlueJeans Inc.Icinga

Apache Pulsar Community-JenniferStreamNative

DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...PROIDEA

2015 03-16-elk at-bsidesJeremy Cohoe

Observability from the HomeFaithWestdorp

Weitere ähnliche Inhalte

Was ist angesagt?

ELK introductionWaldemar Neto

Logging with Elasticsearch, Logstash & KibanaAmazee Labs

What's new in Elasticsearch v5Idan Tohami

Log analytics with ELK stackAWS User Group Bengaluru

Metrics, Logs, Transaction Traces, Anomaly Detection at ScaleSematext Group, Inc.

Elasticsearch in NetflixDanny Yuan

Microservices, Continuous Delivery, and Elasticsearch at Capital OneNoriaki Tatsumi

ELK: a log management frameworkGiovanni Bechis

ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri

Elasticsearch JVM-MX Meetup April 2016Domingo Suarez Torres

How to win skeptics to aggregated logging using Vagrant and ELKSkelton Thatcher Consulting Ltd

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...Nagios

The ultimate guide for Elasticsearch pluginsItamar

Using Elastic to Monitor Everything - Christoph Wurm, Elastic - DevOpsDays Te...DevOpsDays Tel Aviv

Practical Elasticsearch - real world use casesItamar

NATE-Central-LogStefan Coetzee

Monitoring as Code - IgniteIcinga

Icinga Camp Bangalore - Icinga2 API use cases and BlueJeans Inc.Icinga

Apache Pulsar Community-JenniferStreamNative

DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...PROIDEA

Was ist angesagt? (20)

ELK introduction

Logging with Elasticsearch, Logstash & Kibana

What's new in Elasticsearch v5

Log analytics with ELK stack

Metrics, Logs, Transaction Traces, Anomaly Detection at Scale

Elasticsearch in Netflix

Microservices, Continuous Delivery, and Elasticsearch at Capital One

ELK: a log management framework

ELK Elasticsearch Logstash and Kibana Stack for Log Management

Elasticsearch JVM-MX Meetup April 2016

How to win skeptics to aggregated logging using Vagrant and ELK

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...

The ultimate guide for Elasticsearch plugins

Using Elastic to Monitor Everything - Christoph Wurm, Elastic - DevOpsDays Te...

Practical Elasticsearch - real world use cases

NATE-Central-Log

Monitoring as Code - Ignite

Icinga Camp Bangalore - Icinga2 API use cases and BlueJeans Inc.

Apache Pulsar Community-Jennifer

DOD 2016 - Rafał Kuć - Building a Resilient Log Aggregation Pipeline Using El...

Ähnlich wie Security monitoring log management-describe logstash,kibana,elastic slidshare

2015 03-16-elk at-bsidesJeremy Cohoe

Observability from the HomeFaithWestdorp

Logging using ELK Stack for MicroservicesVineet Sabharwal

Mulesoft ELKIntegration Assistance

Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...javier ramirez

OpenDistro for Elasticsearch and how Bitergia is using it.Madrid DevOpsjavier ramirez

Creating a World-Class RESTful Web Services APIDavid Keener

SmartNews's journey into microservicesSmartNews, Inc.

Lenovo: Elastic Stack Practices in Enterprise IntegrationElasticsearch

IRJET- Hosting NLP based Chatbot on AWS Cloud using DockerIRJET Journal

DevOpsDays Amsterdam 2016 workshopArnold Van Wijnbergen

ELK Solutions Enablement Session - 17th March'2020Ashnikbiz

From BI Developer to Data Engineer with Oracle Analytics Cloud Data Lake EditionRittman Analytics

Introduction to KibanaVineet .

API Platform Cloud Service best practice - OOW17Phil Wilkins

Combining logs, metrics, and traces for unified observabilityElasticsearch

Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Tyler Nguyen

Yii Framework - Do we really need another php framework?Joachim Eckert

Laserfiche and Sharepoint @ KollabriaMorgan Wheeler

Architecture Evolution 2018Sebastian Schleicher

Ähnlich wie Security monitoring log management-describe logstash,kibana,elastic slidshare (20)

2015 03-16-elk at-bsides

Observability from the Home

Logging using ELK Stack for Microservices

Mulesoft ELK

Open Distro for ElasticSearch and how Grimoire is using it. Madrid DevOps Oct...

OpenDistro for Elasticsearch and how Bitergia is using it.Madrid DevOps

Creating a World-Class RESTful Web Services API

SmartNews's journey into microservices

Lenovo: Elastic Stack Practices in Enterprise Integration

IRJET- Hosting NLP based Chatbot on AWS Cloud using Docker

DevOpsDays Amsterdam 2016 workshop

ELK Solutions Enablement Session - 17th March'2020

From BI Developer to Data Engineer with Oracle Analytics Cloud Data Lake Edition

Introduction to Kibana

API Platform Cloud Service best practice - OOW17

Combining logs, metrics, and traces for unified observability

Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...

Yii Framework - Do we really need another php framework?

Laserfiche and Sharepoint @ Kollabria

Architecture Evolution 2018

Mehr von ReZa AdineH

MITRE-Module 1 Slides.pdfReZa AdineH

MITRE-Module 2 Slides.pdfReZa AdineH

MITRE-Module 4 Slides.pdfReZa AdineH

MITRE-Module 5 Slides.pdfReZa AdineH

MITRE-Module 3 Slides.pdfReZa AdineH

SIEM POC Assessment.pdfReZa AdineH

Cover of book Threat Intelligence for Threat Hunting;Written by Reza AdinehReZa AdineH

Next generation Security Operation Center; Written by Reza AdinehReZa AdineH

Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReZa AdineH

Effective Security Operation Center - present by Reza AdinehReZa AdineH

علت ناکامی بسیاری از پروژههای مرکزعملیاتامنیت چیست ؟ReZa AdineH

Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH

Mehr von ReZa AdineH (12)

MITRE-Module 1 Slides.pdf

MITRE-Module 2 Slides.pdf

MITRE-Module 4 Slides.pdf

MITRE-Module 5 Slides.pdf

MITRE-Module 3 Slides.pdf

SIEM POC Assessment.pdf

Cover of book Threat Intelligence for Threat Hunting;Written by Reza Adineh

Next generation Security Operation Center; Written by Reza Adineh

Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد

Effective Security Operation Center - present by Reza Adineh

علت ناکامی بسیاری از پروژههای مرکزعملیاتامنیت چیست ؟

Security operations center-SOC Presentation-مرکز عملیات امنیت

Kürzlich hochgeladen

Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823

BigBuy dropshipping via API with DroFx.pptxolyaivanovalion

Ravak dropshipping via API with DroFx.pptxolyaivanovalion

Carero dropshipping via API with DroFx.pptxolyaivanovalion

Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service9953056974 Low Rate Call Girls In Saket, Delhi NCR

Edukaciniai dropshipping via API with DroFxolyaivanovalion

Smarteg dropshipping via API with DroFx.pptxolyaivanovalion

Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...shivangimorya083

VidaXL dropshipping via API with DroFx.pptxolyaivanovalion

Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...amitlee9823

April 2024 - Crypto Market Report's Analysismanisha194592

Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightDelhi Call girls

Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson

Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71

VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY

Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Riyadh +966572737505 get cytotec

Determinants of health, dimensions of health, positive health and spectrum of...shambhavirathore45

Mature dropshipping via API with DroFx.pptxolyaivanovalion

(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7Call Girls in Nagpur High Profile Call Girls

Data-Analysis for Chicago Crime Data 2023ymrp368

Kürzlich hochgeladen (20)

Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...

BigBuy dropshipping via API with DroFx.pptx

Ravak dropshipping via API with DroFx.pptx

Carero dropshipping via API with DroFx.pptx

Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service

Edukaciniai dropshipping via API with DroFx

Smarteg dropshipping via API with DroFx.pptx

Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...

VidaXL dropshipping via API with DroFx.pptx

Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...

April 2024 - Crypto Market Report's Analysis

Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night

Schema on read is obsolete. Welcome metaprogramming..pdf

Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha

VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...

Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec

Determinants of health, dimensions of health, positive health and spectrum of...

Mature dropshipping via API with DroFx.pptx

(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7

Data-Analysis for Chicago Crime Data 2023

Security monitoring log management-describe logstash,kibana,elastic slidshare

1. Security Event Monitoring,Log Management Describe: “LogStash,Elastic & Kibana" Present & Gathered by: Reza Adineh Cyber Security Specialist SOC Expert Forensic Researcher Contact me:   https://ir.linkedin.com/in/rezaadineh   Feb-2018

2. Module 1:Elastic: Product Portfolio

3. Phases : How to implement

5. Heart of ELK stack: Elasticsearch Based on Apache Lucene Shay Banon, Compass to Elasticsearch, released in 2010 In 2012 Elastic was founded in Amsterdam RESTful search & Analytics engine

6. The Journey of an Event in elastic:

8. Plugin Ecosystem: Rich Integration & Processing 200+ plugins Extensible framework to easily build your own plugin Logstash Plugins Maintainer Program

10. Module 2:What is ELK Stack ?

11.

12. Need for log analysis Lets understand why do we need log analysis ?

13. Needs for Log analysis

14.

15.

16. Problems with log analysis Lets understand what problems occurred with log analysis ?

17.

18.

19.

20.

21. Log management tool