Millions of events could easily be generated in your network daily. Your
devices will generate events from simple and inoffensive daemon or application
errors to very important events, that defensive and offensive would want to
alert on. But by the end of the day how are you going to save or log all that
information? How will you enrich this data generated by your users, tools, and
devices? How you will correlate them? How
will you create detection alerts and reports ?
In this training our idea is to teach a fast track about how you could use Elastic Stack to cover all the steps of a event logs journey. From local log generation to Hero Detection, showing the attendee how to create smart configurations that will parse and split your data into key fields, transform your logs, correlate, and filter them to create useful outputs to be used in detection and network security analysis.
This workshop will be entirely based on Elastic Stack and basic Python scripts (donit be afraid, we will provide what is needed for the course). Simulating situations with some opensource offensive and defensive tools that will show how the attendees could create great stuff on the cheap, improving your detection capabilities and metrics. And once successful, the important: ask for a raise!