Talk: Moose? Nope, ELK!
a modern open-source log management and threat detection approach
A practical hands-on overview of modern open-source log management and threat detection solutions
Logfile analysis is the staff of life of every sysadmin or developer.
You have to read and understand logfiles in order to troubleshoot the
This is especially critical when it comes to security incidents, e.g.
intrusions. OSSEC is pretty good at that.
I'd like to show that by combining OSSEC with the very popular ELK
stack (Elasticsearch, Logstash, Kibana) you can get a pretty decent
open-source SIEM. It might not be as professional as the commercial
ones, but it does a pretty good job. With a bit of customization you
can build compliance dashboards (e.g. PCI DSS, CIS).
This would be more in a show & tell fashion...
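The glue between OSSEC and ELK is turning OSSEC's text alerts into structured documents that Elasticsearch can index and Kibana can chart. The parser below is an added example written for this abstract, not code from the talk or from the OSSEC or Elastic projects; the two alert records are constructed to follow the layout OSSEC writes to alerts.log, and the field names are my own choice.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the layout OSSEC writes to alerts.log (not a real capture).
SAMPLE_ALERTS_LOG = """** Alert 1389103430.1532: - syslog,sshd,authentication_failed,
2014 Jan 07 10:03:50 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: root
Jan  7 10:03:49 web01 sshd[1234]: Failed password for root from 198.51.100.7 port 4321 ssh2

** Alert 1389103500.1540: - ossec,syscheck,
2014 Jan 07 10:05:00 web01->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<ts>\d+)\.(?P<seq>\d+): (?:mail\s+)?- (?P<groups>.*)$")
LOCATION_RE = re.compile(r"^(?P<date>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<rest>.*)$")
RULE_RE = re.compile(r"^Rule: (?P<rule_id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")

def parse_ossec_alert(block):
    """Turn one alerts.log record into a flat dict ready for Elasticsearch."""
    lines = [l for l in block.strip().splitlines() if l.strip()]
    head, loc, rule = HEADER_RE.match(lines[0]), LOCATION_RE.match(lines[1]), RULE_RE.match(lines[2])
    if not (head and loc and rule):
        raise ValueError("unrecognised OSSEC alert record: %r" % lines[0])
    doc = {
        "alert_id": head.group("ts") + "." + head.group("seq"),
        # The header carries epoch seconds; Elasticsearch date fields want ISO 8601.
        "@timestamp": datetime.fromtimestamp(int(head.group("ts")), timezone.utc).isoformat(),
        "groups": [g for g in head.group("groups").split(",") if g],
        "rule_id": int(rule.group("rule_id")),
        "level": int(rule.group("level")),
        "description": rule.group("desc"),
    }
    # Agent alerts read "(agent) ip->location"; alerts from the server itself read "host->location".
    m = re.match(r"^\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->(?P<location>.*)$", loc.group("rest"))
    if m:
        doc.update(m.groupdict())
    else:
        doc["agent"], doc["location"] = loc.group("rest").split("->", 1)
    extra = []  # everything after the Rule line that is not a known key/value pair is the raw event
    for line in lines[3:]:
        if line.startswith("Src IP: "):
            doc["src_ip"] = line[len("Src IP: "):]
        elif line.startswith("User: "):
            doc["user"] = line[len("User: "):]
        else:
            extra.append(line)
    doc["full_log"] = "\n".join(extra)
    return doc

def parse_alerts_log(text):
    """Split a whole alerts.log into records; each record starts with '** Alert'."""
    return [parse_ossec_alert(b) for b in re.split(r"\n(?=\*\* Alert )", text) if b.strip()]
```

Keeping rule_id, level and groups as separate fields is what makes level-based alerting and group-based compliance dashboards in Kibana straightforward.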
I would also like to show the rootkit detection module in OSSEC.
Currently it checks locally for rootkits and suspicious files.
It also scans for hardening procedures, taking advantage of OpenSCAP to reach its full potential.
With this presentation I want to raise awareness of OSSEC and highlight its potential as a decent host intrusion detection system. My hope is that afterwards some people might participate in the development of OSSEC (after all, it's on GitHub).
Start: 15:45