Threat Intel, IPAM and GeoIP- the power of integrated security event enrichment

preview_player
Показать описание
Enriching Elastic security logs with internal network information (IPAM), MISP threat intelligence and GeoIP location data greatly helps analysts research and classify events. But even better, the power of the Elastic Query DSL empowers us to combine these enrichments to create powerful threat hunting visualizations and executive dashboards. Learn how you can build real-time visualizations to display your most targeted assets and your most active attackers. New queries are possible, for example, to detect anomalous login network latencies based on geographical distance between source and destination. Heat maps can now visualize targeted subnets and highlight malicious insider activities.

This presentation will briefly summarize previous presentations on how to enrich security logs. It then focuses on how to use these enrichments to create new, integrative use cases on the forefront of modern threat detection.

Authors: George Boitano, Murali Venkataraman

  1. Official Elastic Community
  2. elastic
  3. elasticsearch
  4. kibana
  5. logstash
  6. IPAM
Рекомендации по теме
Threat Intel, IPAM 0:53:34

Threat Intel, IPAM and GeoIP- the power of integrated security event enrichment

Writing Meaningful Threat 2:32:46

Writing Meaningful Threat Intel Reports in MISP

Logstash and Maxmind: 0:38:07

Logstash and Maxmind: Not Just for GEOIP Anymore - Jul 2, 2020 Elastic Meetup

Webinar: Operational Threat 0:54:12

Webinar: Operational Threat Intelligence by Joe Slowik

Threat Hunting for 0:43:55

Threat Hunting for IOCs with Elastic Stack

What is MISP? 0:03:13

What is MISP? | Non-technical overview of the MISP threat intelligence platform

Integration: MISP and 0:03:08

Integration: MISP and PassiveTotal

What is wrong 0:07:39

What is wrong Cyber Threat Intelligence? How do we fix it? #threatintel #stix

Top 20 Open 0:04:08

Top 20 Open Source Threat Intelligence Feeds

Enriching Elastic Security 0:15:33

Enriching Elastic Security Events and Alerts with Threat Intelligence

Config logstash-tcpdump with 0:13:52

Config logstash-tcpdump with geoip geo_point on elk

Elastic SIEM sample 0:09:12

Elastic SIEM sample dashboards

ElasticON EMEA: Defending 0:26:39

ElasticON EMEA: Defending against the dark arts, improve speed to security with Elastic

Making Threat Intelligence 0:45:38

Making Threat Intelligence Actionable with DomainTools and Bandura Cyber

Config logstash-tcpdump with 0:09:29

Config logstash-tcpdump with geoip geo_point on elk

Automated Enrichment 0:00:25

Automated Enrichment

OSINT + Offensive 1:02:03

OSINT + Offensive Security

BlueHat IL 2022 0:52:46

BlueHat IL 2022 - Andrew Morris - Staying Ahead of Internet Background Exploitation

SIEM, XDR, SOAR: 1:32:29

SIEM, XDR, SOAR: Which ones do you need?

Weekly Challenge #3 1:08:06

Weekly Challenge #3 - GeoIP Lookup

[Breakout #1] Better 0:48:41

[Breakout #1] Better Alerts via Log Enrichment | All-Around Defenders

Incident enrichment to 0:12:14

Incident enrichment to speed up your path to safety by Syra Arif

Automatic data enrichment 0:00:33

Automatic data enrichment in OneView® │ SCADA International

DataX: Automated Product 0:01:32

DataX: Automated Product Data Onboarding for Distributors