Grokking SecOps Data with ELK

Wednesday, May 03 | 10:20AM–11:20AM | Denver Ballroom 4-6, Lower Level 2
Session Type: Breakout Session
Delivery Format: Concurrent Session
The use of the ELK stack has exploded in many IT areas, but particularly in SecOps departments. The speed and efficiency of generating useful metrics and aggregating mountains of data from network, firewall, and IPS devices is a world apart from traditional information gathering and plain-text log files. We'll explore the three components of the stack, basic installation, and configuration, then look at how the stack has been put to work in SecOps at two different institutions. We will present a mix of technical and "big picture" explanations, with emphasis on practical and appropriate uses for the technology. This is a topic specific/intermediate level session.

Outcomes: Learn about the ELK stack and its components *Understand where ELK may be an effective and efficient use of resources *Experience ELK in person with real data instead of through pictures


  • Dan Boyd

    Director of Information Security, Berry College
  • Kevin Wilcox

    Information Security Specialist, Appalachian State University