Want a SIEM? Build It with ELK! (separate registration is required)

Tuesday, April 10, 2018 | 8:30AM–4:30PM ET | Watertable Ballroom AB, Fifth Floor
Session Type: Additional Fee Program
Delivery Format: Preconference Workshop
The Elastic stack has seen a huge surge in popularity in higher education due to its power, functionality, and cost. Despite these things, it is still somewhat painful to deploy and configure for large environments. We will take a deep dive into configuring and deploying Elastic as a SIEM, including writing patterns for custom logs, building dashboards, and setting alerts for important events. Want to give your help desk access to your logs, log/audit every command on your Linux servers, and decrease the time it takes to search your Google logins by a factor of 10? We'll cover that too!

Outcomes:

  • Better understand how Elastic parses and stores your data, including how to get meaningful data from your custom logs

  • Learn how to build dashboards to better visualize your log data, making it easier to find anomalies and hunt for the evil needle in the questionable haystack

  • Obtain the tools to start building an enterprise-grade SIEM from free software

Presenters

  • Kevin Wilcox

    Information Security Specialist, Appalachian State University

Resources & Downloads

  • Need a SIEM Build it

    3 MB, pdf - Updated on 9/5/2024