SlideShare ist ein Scribd-Unternehmen logo

(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling your own Open Source SIEM & SOAR

Priyanka Aash
Priyanka Aash

Open Source technologies are being widely adopted to help SOC / DevSecOps teams in day to day operations. We'll be showcasing how we've built our SIEM using Apache Metron with a custom SOAR layer - Blitz over it to alert and respond to threats in real time. We'll deep dive into the architecture of both platforms and demonstrate various use cases covering cloud infra, endpoint devices, outbound traffic and perimeter security threats. We'll also present how to automate remediation to alerts and scale the setup for orchestration and threat hunting.

Technologie
1 von 42
SACON 2020
SACON 2020 Who are we anyway?
SACON 2020
SACON 2020 Some subject gyan
SACON 2020 We’ve got the stuff!
SACON 2020 And…..
SACON 2020 Proprietary SIEM challenges ● Device Integration and log parsing ● Log enrichment ● Log correlation from multiple sources ● Cost ● Scaling SIEM components ● Updates ● Customisations
SACON 2020 We needed something more… o ~4000 events per second (this is going up) – parsed, enriched and indexed! o ~30 million events per day - long term data retention and analytics o ~150 alerts post correlation o Horizontally scalable platform o Attribute level statistical profiling o Threat visualization o Threat hunting
SACON 2020 Statistical Profiling
SACON 2020
SACON 2020 Tech Stack - Metron, Homegrown, AWS ParseIngest Enrich & Index STELLAR Alerting Framework Block Escalate Scan JIRA Alert & Action Kafka Filebeat Analytics, ML, Visualisation AWS Athena Zeppelin
SACON 2020 Scale
SACON 2020 Architecture HTTPD Firewall IDS/IPS VPN Application Proxy Mail Network Enrichment (Storm) Indexing (Storm) Profiler (Storm) Blitz ( Alerting & Ticketing ) Parsing (Storm) S3 Elastic Search Kibana Redash Athena Zeppelin AWS Biz Events SageMaker
SACON 2020 Metron - Enrichment & Profiler Destination Geo Profiling For each geolocation, aggregate the bytes sent out Profile expiry : 1 day Check if current volume is greater than mean volume Lookup Enrichment Check if destination host/port is whitelisted or destination is a legit SMTP No Set alert = True for the eventPush to indexing IPS Logs
SACON 2020 Some Use Cases
SACON 2020 Objective: ● to flag change in server behavior basis it’s producer / consumer ratio ● to detect server compromise and bypass of security controls ● to detect data exfiltration Profile Created: ● Server’s Producer / Consumer Ratio Rules: ● If abs(current avg PCR – previous avg PCR) > 0.5 Change in server behaviour basis PCR
SACON 2020 Objective: ● to detect malware injected in server / code ● to detect security control bypass Profile Created: ● Known User Agents per server or VLAN Rules: ● Flag any new User Agent that a server or VLAN has never used before Un-usual User Agents used by a server or VLAN
SACON 2020 Objective : ● to detect misconfiguration & security bypass ● to detect insider threat Profile Created: ● Unique AWS Events triggered per bucket retained over a period of X days Rules: ● Flag any event triggered for an S3 resource that has not been observed for it in the past X days AWS Anomalous S3 Activity
SACON 2020 Objective : ● to detect credential compromise ● to detect credential sharing Profile Created: ● User agent, IP address and geolocation of each user logging in for X days Rules: ● Alert if a new user agent for the user is observed ● Alert if a new IP address for the user is observed ● Alert if a new geolocation (country) is observed AWS Anomalous User Login
SACON 2020 AWS Anomalous Activity Objective : ● to detect lateral movement of threat ● to detect misconfiguration and security bypass Profile Created: ● For all combinations of account, event source and aws_region, profile events, user agent and geolocation (country) Rules: ● Alert if a new user agent for the profile is observed ● Alert if a new event for the profile is observed ● Alert if a new geolocation (country) is observed
SACON 2020 SOARing over threats
SACON 2020 What is this … Blitz ? Well, now that Metron has helped you identify an anomaly, WHAT IF ● You can get the anomaly alert details on a neatly generated email / JIRA ticket? ● You can custom enrich alert information with data from internal and external sources ? ○ WHOIS info ○ Known Hosting IP ○ Reverse DNS Info ○ Customer Reputation & History
SACON 2020 ● And have action buttons in the alert itself to respond in real time ? ○ Block IP or source ○ Raise a ticket ○ Forward to concerned team ○ Remediate endpoint
SACON 2020 Blitz - Overview ● Open Source incident response automation framework aimed at accelerating incident triage, tracking and response capabilities ● Ingests device agnostic alert data structured in JSON format ● Enriches alerts and makes them actionable using embedded custom response buttons ● Easily integrated with Metron using Nifi. ● Code and deployment instructions can be found at : https://github.com/makemytrip/blitz
SACON 2020 Blitz - Architecture Enrichments Configuration Output Templates Core Driver & Helper Modules Alert Output Modules
SACON 2020
SACON 2020 Blitz - Components ● Core Driver (Logic Engine) - processing alert data, calling enrichments and building output ● Enrichment Engine - Container for enrichment modules that fetch information from other sources/APIs. ● Device Configuration - Configure enrichments, actions, tokens for all integrated devices ● Output Templates - Building and adjusting your alert UI ● Output Integrations - choosing SOC alert integration : email, JIRA, Http, JSON/File
SACON 2020 Building Configuration
SACON 2020 Routing alert data to Blitz - Parsing / Deduplicating
SACON 2020 Blitz - In Action
SACON 2020 Blitz - In Action
SACON 2020 Visualizations on Data Lake Using Redash
SACON 2020 Privileged Activity & Sensitive Asset Monitoring Redash - Data Lake (PAM/SAM Reports)
SACON 2020 Redash - Data Lake (WAF Events)
SACON 2020 Helium Charts Redash - Data Lake (AWS Events)
SACON 2020 Helium Charts Redash - Data Lake (IPS Events)
SACON 2020 Helium Charts Redash - Data Lake (End User Events)
SACON 2020 Serverless Security Data Lake Indexing Topology
SACON 2020 Anatomy of a Hunt - ML aided Security Data Lake Feature Extraction Model Persistence/Up dates Model Training Anomaly Detection & Analysis
SACON 2020 Thank you Questions? Fire !
SACON 2020 Backup Slides
SACON 2020 Metron Profiler Explained

Empfohlen

(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...Priyanka Aash
 
(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe NetworksPriyanka Aash
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN SecurityPriyanka Aash
 
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and BeyondPriyanka Aash
 
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...Priyanka Aash
 
(SACON) Anant Shrivastava - cloud pentesting
(SACON) Anant Shrivastava - cloud pentesting(SACON) Anant Shrivastava - cloud pentesting
(SACON) Anant Shrivastava - cloud pentestingPriyanka Aash
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Priyanka Aash
 
SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)Priyanka Aash
 

Empfohlen

(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...Priyanka Aash
 
(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe NetworksPriyanka Aash
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN SecurityPriyanka Aash
 
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and BeyondPriyanka Aash
 
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...
(SACON) Apoorv Raj Saxena - Hacking and Securing Kubernetes and Dockers in Cl...Priyanka Aash
 
(SACON) Anant Shrivastava - cloud pentesting
(SACON) Anant Shrivastava - cloud pentesting(SACON) Anant Shrivastava - cloud pentesting
(SACON) Anant Shrivastava - cloud pentestingPriyanka Aash
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Priyanka Aash
 
SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)SACON - Incident Response Automation & Orchestration (Amit Modi)
SACON - Incident Response Automation & Orchestration (Amit Modi)Priyanka Aash
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture AddWeb Solution Pvt. Ltd.
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)Priyanka Aash
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryPriyanka Aash
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)Priyanka Aash
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dAppsOWASP
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)Priyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryPriyanka Aash
 
Security Program Development for the Hipster Company
Security Program Development for the Hipster CompanySecurity Program Development for the Hipster Company
Security Program Development for the Hipster CompanyPriyanka Aash
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 
SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)Priyanka Aash
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)Priyanka Aash
 
(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat hunting(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat huntingPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...Amazon Web Services
 
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)Priyanka Aash
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryPriyanka Aash
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)Priyanka Aash
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dAppsOWASP
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)Priyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryPriyanka Aash
 
Security Program Development for the Hipster Company
Security Program Development for the Hipster CompanySecurity Program Development for the Hipster Company
Security Program Development for the Hipster CompanyPriyanka Aash
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 
SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)Priyanka Aash
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)Priyanka Aash
 
(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat hunting(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat huntingPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 

Was ist angesagt? (20)

Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined Perimeter
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directory
 
SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)SACON - Mobile App Security (Srinath Venkataramani)
SACON - Mobile App Security (Srinath Venkataramani)
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical Architecture
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)SACON - Automating SecOps (Murray Goldschmidt)
SACON - Automating SecOps (Murray Goldschmidt)
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
 
Security Program Development for the Hipster Company
Security Program Development for the Hipster CompanySecurity Program Development for the Hipster Company
Security Program Development for the Hipster Company
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of Things
 
SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)SACON - Beyond corp (Arnab Chattopadhayay)
SACON - Beyond corp (Arnab Chattopadhayay)
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
 
(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat hunting(SACON) Wasim Halani - OSINT threat hunting
(SACON) Wasim Halani - OSINT threat hunting
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
 

Ähnlich wie (SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling your own Open Source SIEM & SOAR

IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...Amazon Web Services
 
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...Amazon Web Services
 
Data analytics master class: predict hotel revenue
Data analytics master class: predict hotel revenueData analytics master class: predict hotel revenue
Data analytics master class: predict hotel revenueKris Peeters
 
WSO2 IoT Server - Product Overview
WSO2 IoT Server - Product OverviewWSO2 IoT Server - Product Overview
WSO2 IoT Server - Product OverviewWSO2
 
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel Lavoie
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel LavoieSpring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel Lavoie
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel LavoieVMware Tanzu
 
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...VMware Tanzu
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoringJohn Varghese
 
KFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIKFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIAnimesh Singh
 
Monitorización de seguridad y detección de amenazas con AWS
Monitorización de seguridad y detección de amenazas con AWSMonitorización de seguridad y detección de amenazas con AWS
Monitorización de seguridad y detección de amenazas con AWSjavier ramirez
 
batbern43 Events - Lessons learnt building an Enterprise Data Bus
batbern43 Events - Lessons learnt building an Enterprise Data Busbatbern43 Events - Lessons learnt building an Enterprise Data Bus
batbern43 Events - Lessons learnt building an Enterprise Data BusBATbern
 
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...Kocapep
 
SEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxSEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxDubemJavapi
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAmazon Web Services
 
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...Amazon Web Services
 
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...Amazon Web Services
 
WSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2
 
Apache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT WorldApache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT Worldconfluent
 

Ähnlich wie (SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling your own Open Source SIEM & SOAR (20)

IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
 
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
IoT at Scale: Monitor and Manage Devices with AWS IoT Device Management (IOT3...
 
Data analytics master class: predict hotel revenue
Data analytics master class: predict hotel revenueData analytics master class: predict hotel revenue
Data analytics master class: predict hotel revenue
 
WSO2 IoT Server - Product Overview
WSO2 IoT Server - Product OverviewWSO2 IoT Server - Product Overview
WSO2 IoT Server - Product Overview
 
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel Lavoie
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel LavoieSpring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel Lavoie
Spring Boot & Spring Cloud Apps on Pivotal Application Service - Daniel Lavoie
 
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...
SpringOne Tour Denver - Spring Boot & Spring Cloud on Pivotal Application Ser...
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
KFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIKFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AI
 
Monitorización de seguridad y detección de amenazas con AWS
Monitorización de seguridad y detección de amenazas con AWSMonitorización de seguridad y detección de amenazas con AWS
Monitorización de seguridad y detección de amenazas con AWS
 
batbern43 Events - Lessons learnt building an Enterprise Data Bus
batbern43 Events - Lessons learnt building an Enterprise Data Busbatbern43 Events - Lessons learnt building an Enterprise Data Bus
batbern43 Events - Lessons learnt building an Enterprise Data Bus
 
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
 
SEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxSEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptx
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoT
 
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...
AWS re:Invent 2016: Innovation After Installation: Establishing a Digital Rel...
 
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
 
SRV408 Deep Dive on AWS IoT
SRV408 Deep Dive on AWS IoTSRV408 Deep Dive on AWS IoT
SRV408 Deep Dive on AWS IoT
 
WSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoT
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
 
Apache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT WorldApache Kafka® and Analytics in a Connected IoT World
Apache Kafka® and Analytics in a Connected IoT World
 

Mehr von Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Mehr von Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Kürzlich hochgeladen

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Kürzlich hochgeladen (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling your own Open Source SIEM & SOAR

  • 2. SACON 2020 Who are we anyway?
  • 7. SACON 2020 Proprietary SIEM challenges ● Device Integration and log parsing ● Log enrichment ● Log correlation from multiple sources ● Cost ● Scaling SIEM components ● Updates ● Customisations
  • 8. SACON 2020 We needed something more… o ~4000 events per second (this is going up) – parsed, enriched and indexed! o ~30 million events per day - long term data retention and analytics o ~150 alerts post correlation o Horizontally scalable platform o Attribute level statistical profiling o Threat visualization o Threat hunting
  • 11. SACON 2020 Tech Stack - Metron, Homegrown, AWS ParseIngest Enrich & Index STELLAR Alerting Framework Block Escalate Scan JIRA Alert & Action Kafka Filebeat Analytics, ML, Visualisation AWS Athena Zeppelin
  • 13. SACON 2020 Architecture HTTPD Firewall IDS/IPS VPN Application Proxy Mail Network Enrichment (Storm) Indexing (Storm) Profiler (Storm) Blitz ( Alerting & Ticketing ) Parsing (Storm) S3 Elastic Search Kibana Redash Athena Zeppelin AWS Biz Events SageMaker
  • 14. SACON 2020 Metron - Enrichment & Profiler Destination Geo Profiling For each geolocation, aggregate the bytes sent out Profile expiry : 1 day Check if current volume is greater than mean volume Lookup Enrichment Check if destination host/port is whitelisted or destination is a legit SMTP No Set alert = True for the eventPush to indexing IPS Logs
  • 16. SACON 2020 Objective: ● to flag change in server behavior basis it’s producer / consumer ratio ● to detect server compromise and bypass of security controls ● to detect data exfiltration Profile Created: ● Server’s Producer / Consumer Ratio Rules: ● If abs(current avg PCR – previous avg PCR) > 0.5 Change in server behaviour basis PCR
  • 17. SACON 2020 Objective: ● to detect malware injected in server / code ● to detect security control bypass Profile Created: ● Known User Agents per server or VLAN Rules: ● Flag any new User Agent that a server or VLAN has never used before Un-usual User Agents used by a server or VLAN
  • 18. SACON 2020 Objective : ● to detect misconfiguration & security bypass ● to detect insider threat Profile Created: ● Unique AWS Events triggered per bucket retained over a period of X days Rules: ● Flag any event triggered for an S3 resource that has not been observed for it in the past X days AWS Anomalous S3 Activity
  • 19. SACON 2020 Objective : ● to detect credential compromise ● to detect credential sharing Profile Created: ● User agent, IP address and geolocation of each user logging in for X days Rules: ● Alert if a new user agent for the user is observed ● Alert if a new IP address for the user is observed ● Alert if a new geolocation (country) is observed AWS Anomalous User Login
  • 20. SACON 2020 AWS Anomalous Activity Objective : ● to detect lateral movement of threat ● to detect misconfiguration and security bypass Profile Created: ● For all combinations of account, event source and aws_region, profile events, user agent and geolocation (country) Rules: ● Alert if a new user agent for the profile is observed ● Alert if a new event for the profile is observed ● Alert if a new geolocation (country) is observed
  • 22. SACON 2020 What is this … Blitz ? Well, now that Metron has helped you identify an anomaly, WHAT IF ● You can get the anomaly alert details on a neatly generated email / JIRA ticket? ● You can custom enrich alert information with data from internal and external sources ? ○ WHOIS info ○ Known Hosting IP ○ Reverse DNS Info ○ Customer Reputation & History
  • 23. SACON 2020 ● And have action buttons in the alert itself to respond in real time ? ○ Block IP or source ○ Raise a ticket ○ Forward to concerned team ○ Remediate endpoint
  • 24. SACON 2020 Blitz - Overview ● Open Source incident response automation framework aimed at accelerating incident triage, tracking and response capabilities ● Ingests device agnostic alert data structured in JSON format ● Enriches alerts and makes them actionable using embedded custom response buttons ● Easily integrated with Metron using Nifi. ● Code and deployment instructions can be found at : https://github.com/makemytrip/blitz
  • 25. SACON 2020 Blitz - Architecture Enrichments Configuration Output Templates Core Driver & Helper Modules Alert Output Modules
  • 27. SACON 2020 Blitz - Components ● Core Driver (Logic Engine) - processing alert data, calling enrichments and building output ● Enrichment Engine - Container for enrichment modules that fetch information from other sources/APIs. ● Device Configuration - Configure enrichments, actions, tokens for all integrated devices ● Output Templates - Building and adjusting your alert UI ● Output Integrations - choosing SOC alert integration : email, JIRA, Http, JSON/File
  • 29. SACON 2020 Routing alert data to Blitz - Parsing / Deduplicating
  • 30. SACON 2020 Blitz - In Action
  • 31. SACON 2020 Blitz - In Action
  • 32. SACON 2020 Visualizations on Data Lake Using Redash
  • 33. SACON 2020 Privileged Activity & Sensitive Asset Monitoring Redash - Data Lake (PAM/SAM Reports)
  • 34. SACON 2020 Redash - Data Lake (WAF Events)
  • 35. SACON 2020 Helium Charts Redash - Data Lake (AWS Events)
  • 36. SACON 2020 Helium Charts Redash - Data Lake (IPS Events)
  • 37. SACON 2020 Helium Charts Redash - Data Lake (End User Events)
  • 38. SACON 2020 Serverless Security Data Lake Indexing Topology
  • 39. SACON 2020 Anatomy of a Hunt - ML aided Security Data Lake Feature Extraction Model Persistence/Up dates Model Training Anomaly Detection & Analysis