The use of the ELK stack has exploded in many IT areas, but particularly in SecOps departments. The speed and efficiency with which it generates useful metrics and aggregates mountains of data from network, firewall, and IPS devices is a world apart from traditional information gathering and plain-text log files. We'll explore the three components of the stack (Elasticsearch, Logstash, and Kibana), basic installation and configuration, then look at how the stack has been put to work in SecOps at two different institutions. We will present a mix of technical and "big picture" explanations, with emphasis on practical and appropriate uses for the technology. This is a topic-specific, intermediate-level session.
Outcomes:
* Learn about the ELK stack and its components
* Understand where ELK may be an effective and efficient use of resources
* Experience ELK in person with real data instead of through pictures
Presenters:
* Dan Boyd, Director of Information Security, Berry College
* Kevin Wilcox, Information Security Specialist, Appalachian State University