My Bro the ELK: Obtaining Context from Security Events

Black Hat USA 2015

Presented by: Travis Smith
Date: Thursday August 06, 2015
Time: 09:00 - 09:25
Location: South Seas CDF

There are a number of powerful open source tools that empower us to collect, store and visualize data in our environments, as well as provide rich context using external threat intelligence. However, the sheer volume of data to sift through can make us complacent and cause us to miss important indicators. Instead of sifting through this data by hand to identify the important pieces of information, what if we could automate and orchestrate integrations across the various systems to help us identify and act on real threats?

At Black Hat, we will be releasing a tool that integrates several popular open source and commercial security frameworks to do just that. In this presentation we will highlight the use of ELK (Elasticsearch, Kibana, and Logstash), Bro IDS, and community threat intelligence feeds. By combining these frameworks with threat intelligence providers, security professionals can obtain the business and security context for the events flowing through their environment. We will also be releasing the open source framework that automates the collection of evidence for incident response, giving security teams quicker response times.
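As an added illustration of the Bro-to-ELK enrichment the abstract describes (not the speaker's released tool), the script below parses a constructed Bro conn.log excerpt, tags each connection against a constructed threat-intel feed, and emits one Elasticsearch-ready JSON document per line; the field names, the feed format and the sample data are all assumptions.

```python
"""Enrich Bro conn.log records with threat-intel context for ELK ingestion."""
import json
from datetime import datetime, timezone

# Constructed sample: a Bro conn.log excerpt (tab-separated, #fields header).
BRO_CONN_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1438851600.123456\tCAbc1\t10.0.0.5\t51234\t203.0.113.10\t443\ttcp\tssl
1438851601.654321\tCAbc2\t10.0.0.7\t51235\t198.51.100.20\t80\ttcp\thttp
"""

# Constructed intel feed: indicator -> metadata, as a parsed community feed
# might look (hypothetical source name and description).
INTEL_FEED = {
    "203.0.113.10": {"source": "example-feed", "desc": "known C2", "severity": "high"},
}

def parse_bro_log(text):
    """Parse Bro's TSV format using the #fields header; skip other # lines."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue  # directives, blanks, or data before the header
        else:
            records.append(dict(zip(fields, line.split("\t"))))
    return records

def enrich(record, feed):
    """Attach intel hits and a match flag; dotted Bro names become underscored."""
    doc = {k.replace(".", "_"): v for k, v in record.items()}
    # Bro's ts is epoch seconds; Elasticsearch wants an ISO-8601 @timestamp.
    doc["@timestamp"] = datetime.fromtimestamp(
        float(record["ts"]), tz=timezone.utc).isoformat()
    endpoints = (record["id.orig_h"], record["id.resp_h"])
    hits = [dict(feed[ip], indicator=ip) for ip in endpoints if ip in feed]
    doc["intel_match"] = bool(hits)
    doc["intel"] = hits
    return doc

def enrich_log(text, feed=INTEL_FEED):
    """Return enriched documents for every record in a Bro log."""
    return [enrich(r, feed) for r in parse_bro_log(text)]

if __name__ == "__main__":
    for doc in enrich_log(BRO_CONN_LOG):
        print(json.dumps(doc))  # one document per line, ready for the _bulk API
```

Filtering on `intel_match:true` in Kibana then surfaces only the connections that touched a known indicator, which is the context the raw conn.log alone does not carry.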

Travis Smith

Travis Smith is a Senior Security Analyst developing Tripwire's security and compliance solutions. He has 10+ years in the security industry in various positions, including technical support, professional services, and R&D. Travis holds a Master of Business Administration with a concentration in information security, as well as multiple industry certifications such as the Certified Information Systems Security Professional (CISSP) and GIAC Certified Penetration Tester (GPEN).

