Threat Hunting with ELK Hands-On
Thursday, April 6, 2017
9:00 AM – 5:00 PM
One-Day, 8 CPEs
Fred Mastrippolito, President & CEO, Polito, Inc.
Ben Hughes, Senior Security Engineer, Polito, Inc.
Successful log analysis is a cornerstone of any network or endpoint security program. Whether your organization relies primarily on "next-gen" commercial security appliances or on free security solutions, these tools typically generate logs at scale that need to be collected, managed, tuned, enriched, monitored, analyzed, correlated, and reported on. Even if your organization has no "next-gen" security monitoring solution at the network perimeter or on endpoints, and perhaps no commercial SIEM, open source or otherwise free alternatives can be deployed rapidly to provide inexpensive yet effective security log monitoring and threat hunting capabilities.
This hands-on class will walk attendees through the basics of how to leverage the open source ELK stack to automatically and manually analyze diverse logs to proactively identify malicious activity. The basic tools, techniques, and procedures taught during this class can be used to investigate isolated endpoint security incidents or implemented at scale for monitoring an enterprise. Students will be provided with access to a preconfigured ELK instance in the cloud, as well as extensive sample logs containing malicious events waiting to be discovered.
This course is designed for entry to mid-level security analysts and managers. Students who complete this class will be better equipped with practical tools and techniques in order to understand, deploy, and leverage log monitoring and analysis tools in support of enterprise defense efforts.
This Class Will Cover:
• Introduction to log monitoring and analysis
o Security Information and Event Management (SIEM)
o Different types of event logs
o Log ingestion, indexing, and searching
o Log correlation and enrichment using additional data sources
o How network perimeter and endpoint security logs complement each other
• Introduction to threat hunting
o Where threat hunting fits into your security program
o Proactive monitoring/hunting vs. dead box forensics
o Understanding the malware kill chain
o The role of threat intelligence
o Identifying and hunting for Indicators of Compromise (IOCs)
• Relevant tools, mostly open source or otherwise free:
o ELK stack (popular open source log management platform)
o Elasticsearch (index and search)
o Logstash (log ingestion)
o Kibana (search and dashboard frontend)
o Sysmon (free Microsoft Sysinternals endpoint logging tool)
• Threat hunting with logs
o How to search logs to find anomalous/malicious events
o How to build and use dashboards, automation, and alerting capabilities
o How to integrate threat intelligence feeds and enrich data
• Next steps
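As an added worked example (not code from the course or from Polito, Inc.), the following Python script shows what the outline's "hunting for IOCs", "enrichment" and "log correlation" items look like in code, run over a handful of constructed Sysmon events instead of a live ELK instance. It matches file hashes and destination IPs against a constructed threat-intel feed, correlates a network hit back to the process creation that made the connection, and adds two behavioural rules (an Office application spawning a shell, and encoded PowerShell). Field names follow Sysmon's own event schema (EventID, ProcessGuid, Image, Hashes, DestinationIp); the feed, the sample events and the OFFICE_PARENTS/SHELLS lists are this example's assumptions.

```python
"""Hunting over Sysmon events: IOC enrichment plus two behavioural rules.

Added example, not code from the course, its instructors, or the ELK project.
Assumes events are JSON documents that keep Sysmon's own field names, roughly
what a shipper such as Winlogbeat sends to Elasticsearch. The IOC feed and the
events are constructed; OFFICE_PARENTS and SHELLS are this example's own lists.
"""
import re
from typing import Dict, List, Tuple

# Constructed threat-intel feed: indicator type -> {value: label}.
IOC_FEED: Dict[str, Dict[str, str]] = {
    "sha256": {"deadbeef" * 8: "dropper-sample-42"},   # placeholder hash
    "ip": {"203.0.113.42": "c2-node"},                  # TEST-NET-3 address
}

# Process names used by the behavioural rules (example's own lists).
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SHELLS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe")

# Constructed Sysmon events: EventID 1 = process create, 3 = network connect.
SAMPLE_EVENTS: List[dict] = [
    {"EventID": 1, "ProcessGuid": "{P1}", "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "ParentImage": r"C:\Windows\System32\services.exe",
     "Hashes": "SHA1=" + "11" * 20 + ",SHA256=" + "22" * 32},
    {"EventID": 1, "ProcessGuid": "{P2}", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Hashes": "SHA256=" + "33" * 32},
    {"EventID": 1, "ProcessGuid": "{P3}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "Hashes": "SHA256=" + "44" * 32},
    {"EventID": 1, "ProcessGuid": "{P4}", "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "CommandLine": "update.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Hashes": "MD5=" + "55" * 16 + ",SHA256=" + "deadbeef" * 8},
    {"EventID": 3, "ProcessGuid": "{P1}", "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": 80},
    {"EventID": 3, "ProcessGuid": "{P4}", "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "DestinationIp": "203.0.113.42", "DestinationPort": 443},
]

# -EncodedCommand, or any of its accepted abbreviations, followed by a base64 blob.
ENCODED_PS = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}")


def parse_hashes(field: str) -> Dict[str, str]:
    """Split Sysmon's 'SHA1=...,MD5=...,SHA256=...' string into {algo: hex value}."""
    hashes = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            hashes[algo.strip().lower()] = value.strip().lower()
    return hashes


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased, for name comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def enrich(event: dict, feed: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (indicator type, value, feed label) for every IOC the event hits."""
    hits = []
    if event.get("EventID") == 1:                 # process creation carries file hashes
        for algo, value in parse_hashes(event.get("Hashes", "")).items():
            label = feed.get(algo, {}).get(value)
            if label:
                hits.append((algo, value, label))
    elif event.get("EventID") == 3:               # network connection carries the peer address
        ip = event.get("DestinationIp", "")
        if ip in feed.get("ip", {}):
            hits.append(("ip", ip, feed["ip"][ip]))
    return hits


def hunt(events: List[dict], feed: Dict[str, Dict[str, str]]) -> List[dict]:
    """Run IOC enrichment and two behavioural rules over a batch of events.

    Process-creation events are indexed by ProcessGuid first, so a hit on a
    network event is correlated back to the image and command line that made
    the connection instead of being reported as a bare IP address.
    """
    processes = {e["ProcessGuid"]: e for e in events if e.get("EventID") == 1}
    alerts = []
    for event in events:
        guid = event.get("ProcessGuid")
        proc = processes.get(guid, event)
        base = {"ProcessGuid": guid, "Image": proc.get("Image"), "CommandLine": proc.get("CommandLine")}

        for algo, value, label in enrich(event, feed):
            alerts.append({**base, "rule": "ioc-" + algo, "detail": f"{value} matched feed entry {label}"})

        if event.get("EventID") == 1:
            # Office applications have no business launching interpreters.
            if basename(event.get("ParentImage", "")) in OFFICE_PARENTS and basename(event.get("Image", "")) in SHELLS:
                alerts.append({**base, "rule": "office-spawns-shell", "detail": "parent " + event["ParentImage"]})
            if ENCODED_PS.search(event.get("CommandLine", "")):
                alerts.append({**base, "rule": "encoded-powershell", "detail": event["CommandLine"]})
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS, IOC_FEED):
        print(f"{a['rule']:20} {a['ProcessGuid']:5} {a['Image']}  {a['detail']}")
```

Against the sample batch the script raises four alerts: the Word-to-cmd.exe parent/child chain, the encoded PowerShell command line, the hash hit on update.exe, and the connection to the feed's IP, which is reported together with update.exe's image and command line because of the ProcessGuid correlation. In an ELK deployment the same feed lookup is normally done at ingestion time so the match becomes a searchable field, and the two behavioural rules become saved searches or alerts rather than a standalone script.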
Students must bring a Windows, Mac, or Linux laptop with at least 6 GB and a web browser. Previous experience with log analysis, threat hunting, malware analysis, forensics, network security monitoring, and/or threat intelligence is helpful but not required.