BSidesLV 2017 has ended
Back To Schedule
Tuesday, July 25 • 14:00 - 17:55
Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections FULL

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Millions of events could easily be generated in your network daily. Your devices will generate events from simple and inoffensive daemon or application errors to very important events, that defensive and offensive would want to alert on. But by the end of the day how are you going to save or log all that information? How will you enrich this data generated by your users, tools, and devices? How you will correlate them? How
will you create detection alerts and reports ?

In this training our idea is to teach a fast track about how you could use Elastic Stack to cover all the steps of a event logs journey. From local log generation to Hero Detection, showing the attendee how to create smart configurations that will parse and split your data into key fields, transform your logs, correlate, and filter them to create useful outputs to be used in detection and network security analysis.

This workshop will be entirely based on Elastic Stack and basic Python scripts (donít be afraid, we will provide what is needed for the course). Simulating situations with some opensource offensive and defensive tools that will show how the attendees could create great stuff on the cheap, improving your detection capabilities and metrics. And once successful, the important: ask for a raise!

avatar for Felipe “Pr0teus

Felipe “Pr0teus" Esposito

Security Researcher
Felipe “Pr0teus” has 10 years experience in T.I, masters degree in Computer Systems and network. His interests includes Network Covert Channels,Information visualization, Log analysis and Incident Response. Currently working for Rio de Janeiro state court as Network Security Admin... Read More →
avatar for Rodrigo Montoro

Rodrigo Montoro

Security Researcher
Rodrigo “Sp0oKeR” Montoro has 15 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Security Researcher/ SOC. Prior to joining Clavis he worked as a Senior Security administrator at Sucuri... Read More →

Tuesday July 25, 2017 14:00 - 17:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169