Speaker: Theresa Meiksner
Sysadmin with a special focus on and affection for log analysis and threat detection. Loves wading through piles of log files and playing around with new tools -- come say hello (I don't bite, promise) ;-)
A practical hands-on overview of modern log analysis and host-intrusion detection solutions.
Logfile Analysis is the staff of life of every sysadmin or developer.
You have to read and understand logfiles in order to troubleshoot the
This is especially critical when it comes to security incidents, e.g.
intrusions. OSSEC is pretty good at that.
I'd like to show that by combining OSSEC with the very popular ELK
stack (Elasticsearch, Logstash, Kibana) you can get a pretty decent
open-source SIEM. It might not be as professional as the commercial
ones, but it does a pretty good job. With a bit of customization you
can build compliance dashboards (e.g. PCI DSS, CIS).
This would be more in a show & tell fashion...
I would also like to show the rootkit detection module in OSSEC.
Currently it checks the local host for rootkits and for suspicious files.
It also scans for hardening procedures and takes advantage of OpenSCAP to reach its full potential.
With this presentation I want to raise awareness of OSSEC and highlight its potential as a decent host intrusion detection system. My hope is that afterwards some people might participate in the development of OSSEC (after all, it's on GitHub).