BSidesLV 2017 has ended
Tuesday, July 25 • 14:00 - 17:55
Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections


Millions of events can easily be generated in your network daily. Your devices will generate everything from simple, harmless daemon or application errors to very important events that both defensive and offensive teams would want to alert on. But at the end of the day, how are you going to save or log all that information? How will you enrich the data generated by your users, tools, and devices? How will you correlate it? How will you create detection alerts and reports?

In this training our idea is to teach a fast track on how you can use the Elastic Stack to cover every step of an event log's journey, from local log generation to Hero Detection, showing attendees how to create smart configurations that parse and split your data into key fields, transform your logs, and correlate and filter them to create useful outputs for detection and network security analysis.

This workshop will be based entirely on the Elastic Stack and basic Python scripts (don't be afraid, we will provide what is needed for the course). We will simulate situations with some open-source offensive and defensive tools, showing how attendees can build great things on the cheap and improve their detection capabilities and metrics. And once successful, the important part: ask for a raise!

Presenters
Felipe “Pr0teus” Esposito

Security Researcher
Felipe “Pr0teus” has 10 years of experience in IT and a master's degree in Computer Systems and Networks. His interests include network covert channels, information visualization, log analysis and incident response. Currently working for the Rio de Janeiro state court as Network Security Admin...
Rodrigo Montoro

Security Researcher
Rodrigo “Sp0oKeR” Montoro has 15 years of experience deploying open-source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is a Security Researcher / SOC. Prior to joining Clavis he worked as a Senior Security Administrator at Sucuri...


Tuesday July 25, 2017 14:00 - 17:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169