My Bro the ELK: Obtaining Context from Security Events

There are a number of powerful open source tools that empower us to collect, store and visualize data in our environments, as well as provide rich context using external threat intelligence. However, given the amount of data to sift through it can make us complacent and miss important indicators. Instead of having to sift through this data to identify important pieces of information, what if we could automate and orchestrate integrations across the various systems to help us identify and act on real threats?

At Black Hat, we will be releasing a tool that integrates several popular open source and commercial security frameworks to do just that. In this presentation we will highlight the use of ELK (ElasticSearch, Kibana, and LogStash), Bro IDS, and community threat intelligence feeds. By combining these frameworks with threat intelligence providers, security professionals can obtain the business and security context to the events flowing through their environment. We will also be releasing the open source framework that will automate the collection of evidence for incident response for quicker response times by security teams.

Presented by