Saturday, March 28 • 11:00am - 11:30am
How to build your own SIEM with open source tools and methodologies

Ever asked a vendor for alert rules or techniques to catch the bad guys, only to be told “every organization is unique”? While there is some truth to that, there is also a set of detection techniques that apply across any organization, because they are based on common attacker methodologies rather than on any one environment.

In this talk I will discuss how to abstract the common event logs from your network, hosts and security devices into the MITRE ATT&CK framework and make sense of the noise. Defenders can use the framework to lay out the spectrum of techniques an attacker may exhibit, then look across their own processes and controls to identify gaps in detection and prevention coverage.

Presentation details: 

The SIEM problem: 
1) The data loaded into the SIEM is what gives it value. As an example: a noisy Windows system log, and the small number of events in it that typically matter.
2) A SIEM can’t automate information security domain expertise. What if we map your logs to the specific questions you need answered? Example: detecting lateral movement from IDS logs.
3) One of the most common failings I have seen is a SIEM overstuffed with useless data. What if we surface only the high-risk threats to the analyst?
The Abstract solution: 
4) Introducing MITRE ATT&CK: an overview of the open, freely available framework of attacker tactics and techniques.
5) Open source SIEM: using the open source ELK stack (Elasticsearch, Logstash, Kibana) with Logstash / Beats plugins lets you build your own SIEM at much lower cost.
6) Open ATT&CK + open source SIEM are a happy marriage! Examples of making sense of logs in ELK by mapping them to ATT&CK techniques.
7) Summary: your security team doesn’t need to be “master defenders” to properly implement a SIEM and see positive results.
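The following is an added example, not code from the talk or from the ELK project, showing the kind of triage items 1 through 6 describe: Windows Security events arrive in the shape winlogbeat ships them (the field layout is an assumption), the noisy event IDs are dropped, the few events that matter are tagged with ATT&CK technique IDs, and a simple lateral-movement rule (one source IP making network logons to several hosts in a short window) surfaces only the high-risk activity. Every event in it is constructed for illustration.

```python
"""Added example (not from the talk): triage of Windows Security events into
ATT&CK technique tags plus a lateral-movement detection. Field names follow
the winlogbeat/ECS layout (an assumption); all events below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs that are almost always noise; in ELK terms these would be dropped
# or sampled with a Logstash filter before they ever reach Elasticsearch.
NOISE_EVENT_IDS = {4634, 4647, 4658, 4672, 5156, 5158}

def _data(event):
    return event["winlog"].get("event_data", {})

def _logon_type(event, wanted):
    return _data(event).get("LogonType") == wanted

# The handful of event IDs that usually matter, mapped to ATT&CK technique IDs.
# Entries: (event_id, predicate on the event, technique id, technique name)
ATTACK_MAP = [
    (4624, lambda e: _logon_type(e, "3"), "T1021", "Remote Services (network logon)"),
    (4624, lambda e: _logon_type(e, "10"), "T1021.001", "Remote Desktop Protocol"),
    (4625, lambda e: True, "T1110", "Brute Force (failed logon)"),
    (4697, lambda e: True, "T1543.003", "Windows Service installed"),
    (7045, lambda e: True, "T1543.003", "Windows Service installed"),
    (4688, lambda e: "powershell" in _data(e).get("NewProcessName", "").lower(),
     "T1059.001", "PowerShell"),
]

def tag_event(event):
    """Return the ATT&CK (id, name) tags for one event; [] for noise or unmapped."""
    eid = event["winlog"]["event_id"]
    if eid in NOISE_EVENT_IDS:
        return []
    return [(tid, name) for mid, pred, tid, name in ATTACK_MAP
            if eid == mid and pred(event)]

def summarize(events):
    """Count what gets dropped, what is kept untagged, and tags per technique."""
    out = {"total": len(events), "dropped_noise": 0, "untagged": 0,
           "techniques": defaultdict(int)}
    for e in events:
        if e["winlog"]["event_id"] in NOISE_EVENT_IDS:
            out["dropped_noise"] += 1
            continue
        tags = tag_event(e)
        if not tags:
            out["untagged"] += 1
        for tid, _ in tags:
            out["techniques"][tid] += 1
    out["techniques"] = dict(out["techniques"])
    return out

def detect_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """Surface source IPs with network logons (4624 / LogonType 3) to at least
    `min_hosts` distinct hosts inside `window`. Returns {ip: sorted hosts}."""
    logons = defaultdict(list)
    for e in events:
        if e["winlog"]["event_id"] == 4624 and _logon_type(e, "3"):
            ts = datetime.fromisoformat(e["@timestamp"])
            logons[_data(e)["IpAddress"]].append((ts, e["host"]["name"]))
    hits = {}
    for ip, items in logons.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            hosts = {h for t, h in items[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits[ip] = sorted(hosts)
                break
    return hits

def _ev(ts, host, eid, **data):
    """Build one constructed event in the (assumed) winlogbeat shape."""
    return {"@timestamp": ts, "host": {"name": host},
            "winlog": {"event_id": eid, "event_data": data}}

# Constructed sample: three noisy events, one normal console logon, a fan-out
# of network logons from 10.0.0.5, one legitimate file-server logon, then a
# service install and an encoded PowerShell launch on the touched hosts.
SAMPLE_EVENTS = [
    _ev("2020-03-28T11:00:01", "HOST-A", 4634),
    _ev("2020-03-28T11:00:02", "HOST-A", 5156),
    _ev("2020-03-28T11:00:03", "HOST-B", 4672),
    _ev("2020-03-28T11:00:10", "HOST-A", 4624, LogonType="2", IpAddress="-"),
    _ev("2020-03-28T11:01:00", "HOST-A", 4624, LogonType="3", IpAddress="10.0.0.5"),
    _ev("2020-03-28T11:03:00", "HOST-B", 4624, LogonType="3", IpAddress="10.0.0.5"),
    _ev("2020-03-28T11:02:00", "FILESRV", 4624, LogonType="3", IpAddress="10.0.0.9"),
    _ev("2020-03-28T11:06:00", "HOST-C", 4624, LogonType="3", IpAddress="10.0.0.5"),
    _ev("2020-03-28T11:06:30", "HOST-C", 4697, ServiceName="updsvc",
        ServiceFileName="C:\\Windows\\Temp\\u.exe"),
    _ev("2020-03-28T11:07:00", "HOST-B", 4688,
        NewProcessName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
    print(detect_lateral_movement(SAMPLE_EVENTS))
```

On the constructed sample, three of the ten events are dropped as noise, the console logon is kept but untagged, and the remaining six carry technique tags; the lateral-movement rule fires only for 10.0.0.5 (three hosts in five minutes), not for the single file-server logon from 10.0.0.9. In a real deployment the same logic would live in Logstash filters (tagging) and a scheduled Elasticsearch query or alerting rule (the fan-out count), but the point of the example is the shape of the mapping, not the tooling.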

Zoom link: https://zoom.us/j/266304316


Saturday March 28, 2020 11:00am - 11:30am EDT
'Connect' track, 3333 Busbee Dr NW, Kennesaw, GA 30144, USA