Security Analytics


Threats don't follow a predefined pattern. Neither should you. With the Elastic Stack, you are equipped to keep up and face the attacks of today and tomorrow.

Discover security analytics, the Elastic way. Try it

New: A closer look at Elastic's security features and how they can accelerate GDPR compliance. Learn more.

Be fast. Very fast.

When it comes to attacks, the question is not "if" they will happen but "when". So ask yourself how long you are willing to let an intruder stay inside your systems.

Elastic is built for speed. Your data is indexed as it is ingested, and getting at the information takes only seconds, which makes ad hoc queries and real-time visualization straightforward.

Sift through all your data. Yes, all of it

Threats can come from anywhere, so it matters to have a global, real-time view of what is happening across all your systems.

Nobody told you? Elasticsearch is hungry. Very hungry. It can ingest petabytes of data: firewalls, web proxies, intrusion detection systems... In fact, it thrives on every data source. So don't hold back.


Your data still has things to tell you: keep it longer

When did the threat get in? Where did it go? What did it do? What else did it compromise?

Seven days of retention does not give you enough hindsight to answer these questions. Common threats can dwell for 100 days before they are resolved. With Elastic, searching your long-term historical data is not only possible, it becomes simpler, faster and more practical.

Start from scratch or strengthen your existing SIEM

You can start from a blank page and build a custom security solution, as Slack did, or choose to strengthen an existing SIEM, as USAA did. As its name suggests, Elastic's strength is its flexibility. In the same spirit, if you can't find what you need, you are free to build it or to lean on the community. You are not locked into a proprietary solution. With open source, anything is possible.

Go ahead, try it!

Start small. Think big. It's your choice. Get the latest release and discover what we have to offer.
  • Register, if you do not already have an account. A free 14-day trial is available.
  • Log into the Elastic Cloud console
To create a cluster, in the Elastic Cloud console:
  • Select Create Deployment, and specify the Deployment Name
  • Modify the other deployment options as needed (or not: the defaults are fine to get started)
  • Click Create Deployment
  • Save the Cloud ID and the cluster password for your records; we will refer to these as <cloud.id> and <password> below
  • Wait until deployment creation completes

Download and unpack Filebeat

Open a terminal (this varies with your client OS) and in the Filebeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Filebeat System] SSH login attempts" or "[Filebeat System] Sudo commands"
What just happened?
Filebeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing the latest system log messages and reporting on SSH login attempts and other authentication events.
Didn't work for you?

The Filebeat system module assumes default log locations, unmodified file formats, and supported versions of the products generating the logs. See the documentation for more details.
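To show what the SSH login dashboard is built on, here is an added example that is not Elastic's or the Filebeat system module's code. It parses sshd lines from a constructed auth.log sample into the kind of fields the module extracts (outcome, user, method, source address), then flags brute-force sources with a sliding window and spots a success that follows a run of failures. The sample lines, the year (syslog timestamps carry none) and the thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log lines (not taken from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 10:12:01 bastion sshd[2111]: Failed password for invalid user admin from 203.0.113.7 port 51312 ssh2
Mar  3 10:12:04 bastion sshd[2113]: Failed password for root from 203.0.113.7 port 51320 ssh2
Mar  3 10:12:06 bastion sshd[2115]: Failed password for root from 203.0.113.7 port 51331 ssh2
Mar  3 10:12:09 bastion sshd[2117]: Failed password for invalid user oracle from 203.0.113.7 port 51340 ssh2
Mar  3 10:12:11 bastion sshd[2119]: Accepted publickey for deploy from 198.51.100.23 port 40022 ssh2: ED25519 SHA256:c0ffee
Mar  3 10:12:15 bastion sshd[2121]: Failed password for root from 203.0.113.7 port 51355 ssh2
Mar  3 10:12:40 bastion sshd[2130]: Accepted password for root from 203.0.113.7 port 51402 ssh2
Mar  3 10:13:02 bastion sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# Matches the Accepted/Failed lines sshd writes; "invalid user" is skipped so the user field is clean.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) ssh2"
)


def parse_sshd(text, year=2024):
    """Turn raw auth.log text into a list of login events (the sudo line is ignored here)."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        # Assumption: syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append({
            "ts": ts,
            "host": m["host"],
            "outcome": "success" if m["result"] == "Accepted" else "failure",
            "method": m["method"],
            "user": m["user"],
            "source_ip": m["ip"],
            "source_port": int(m["port"]),
        })
    return events


def brute_force_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Sources with at least `threshold` failed logins inside any sliding `window`.
    Returns {source_ip: total_failures}."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            failures[e["source_ip"]].append(e["ts"])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def successes_after_failures(events, min_failures=3):
    """Successful logins from a source that had already failed `min_failures` times:
    the pattern of a password that was eventually guessed."""
    seen_failures = defaultdict(int)
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "failure":
            seen_failures[e["source_ip"]] += 1
        elif seen_failures[e["source_ip"]] >= min_failures:
            hits.append((e["source_ip"], e["user"], e["method"]))
    return hits


if __name__ == "__main__":
    evts = parse_sshd(SAMPLE_AUTH_LOG)
    print(brute_force_sources(evts))          # {'203.0.113.7': 5}
    print(successes_after_failures(evts))     # [('203.0.113.7', 'root', 'password')]
```

The second check is the one worth alerting on: a burst of failures is noise on any internet-facing host, but a password login that succeeds from the same source a few seconds later is a compromised account until proven otherwise.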

Create an Elastic Cloud deployment as in the Filebeat steps above (register, log into the Elastic Cloud console, Create Deployment, and save the Cloud ID and password as <cloud.id> and <password>).

Download and unpack Auditbeat

Open a terminal (this varies with your client OS) and in the Auditbeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Auditbeat File] File Integrity"
What just happened?
Auditbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing the latest system audit information.
Didn't work for you?

The Auditbeat modules assume a default operating system configuration. See the documentation for more details.
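What the File Integrity dashboard reports is a baseline-and-compare over file hashes and permission bits. The following is an added example in that spirit, not Auditbeat's file_integrity module; it snapshots a directory tree, tampers with a constructed /etc-like set of files in a temporary directory, and classifies each change the way an integrity monitor would (created, deleted, updated, attributes_modified). The file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def hash_file(path, algo="sha256", chunk_size=1 << 16):
    """Stream the file through the hash so large files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to (sha256, mode bits, size)."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (hash_file(full), stat.S_IMODE(st.st_mode), st.st_size)
    return snap


def diff_snapshots(before, after):
    """Classify every path as created, deleted, updated (content changed) or
    attributes_modified (same content, different permission bits)."""
    result = {"created": [], "deleted": [], "updated": [], "attributes_modified": []}
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            result["created"].append(rel)
        elif rel not in after:
            result["deleted"].append(rel)
        else:
            old_hash, old_mode, _ = before[rel]
            new_hash, new_mode, _ = after[rel]
            if old_hash != new_hash:
                result["updated"].append(rel)
            elif old_mode != new_mode:
                result["attributes_modified"].append(rel)
    return result


def demo():
    """Build a constructed /etc-like tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "ssh"))
        files = {
            "passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "motd": b"Authorised access only.\n",
            "sudoers": b"root ALL=(ALL) ALL\n",
            "ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        os.chmod(os.path.join(root, "sudoers"), 0o440)
        baseline = snapshot(root)

        # Simulated tampering: weaken sshd, add a uid-0 account, loosen sudoers,
        # plant an authorized key and remove the login banner.
        with open(os.path.join(root, "ssh/sshd_config"), "wb") as f:
            f.write(b"PermitRootLogin yes\nPasswordAuthentication yes\n")
        with open(os.path.join(root, "passwd"), "ab") as f:
            f.write(b"backdoor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "sudoers"), 0o666)
        with open(os.path.join(root, "ssh/authorized_keys"), "wb") as f:
            f.write(b"ssh-ed25519 AAAAC3... attacker@evil\n")
        os.remove(os.path.join(root, "motd"))

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A polling snapshot like this has a blind spot that a real monitor closes with kernel notifications (inotify, fanotify or the audit subsystem): a file changed and restored between two scans is never seen. It is still the right model for understanding what the dashboard's event categories mean.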

Create an Elastic Cloud deployment as in the Filebeat steps above (register, log into the Elastic Cloud console, Create Deployment, and save the Cloud ID and password as <cloud.id> and <password>).

Download and unpack Logstash

Open a terminal (this varies with your client OS) and in the Logstash install directory, type:

Modify logstash.yml to set the ArcSight module details:

modules:
  - name: arcsight
    var.inputs: smartconnector
    var.elasticsearch.username: "elastic"
    # Prefer a Logstash keystore reference such as "${ES_PWD}" to a literal password in this file
    var.elasticsearch.password: "<password>"

Configure your ArcSight SmartConnectors to send CEF events to Logstash over TCP on the default port 5000.

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[ArcSight] Network Overview Dashboard"
What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing ArcSight events.

Didn't work for you?

The Logstash ArcSight module makes a set of assumptions about the default configuration of the ArcSight solution, but you can override the defaults. See the documentation for more details.
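The events the SmartConnectors forward are CEF records, and most of the difficulty in handling them is the escaping rules (a literal pipe in a header field is written \|, a literal equals sign in an extension value is \=, a backslash is \\). As an added example that is not Logstash's or the ArcSight module's code, here is a parser that honours those rules and tolerates a syslog prefix in front of the CEF header. The three sample records are constructed; the first mirrors the illustration in the CEF specification.

```python
import re

# Constructed CEF records: a plain one, one with escaped pipes, equals signs and backslashes,
# and one carrying a syslog header in front of the CEF header.
SAMPLE_CEF = [
    r"CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232",
    r"CEF:0|Vendor\|Inc|Product|2.3|4711|Pipe \| in name|5|msg=equals \= in value, backslash \\ too rt=1489600000000 suser=alice",
    r"<134>Mar  3 10:12:01 conn01 CEF:0|ArcSight|Logger|6.0|IDS-7|Suspicious outbound DNS|7|src=10.1.1.5 spt=53233 dst=203.0.113.9 dpt=53 proto=UDP cs1Label=Query cs1=a3f9.exfil.example.net",
]

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# An extension key is a run of [A-Za-z0-9_.] followed directly by '=' at the start or after whitespace.
# An escaped '\=' inside a value can never match, because the backslash breaks the key run.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_header(s):
    """Return the seven header fields and the remaining extension text, honouring \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(s) and len(fields) < 7:
        c = s[i]
        if c == "\\" and i + 1 < len(s) and s[i + 1] in "|\\":
            cur.append(s[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    return fields, s[i:]


def _unescape_value(v):
    """Extension values escape '=', '\\' and line breaks (\\n, \\r)."""
    out, i = [], 0
    while i < len(v):
        if v[i] == "\\" and i + 1 < len(v):
            out.append({"=": "=", "\\": "\\", "n": "\n", "r": "\r"}.get(v[i + 1], "\\" + v[i + 1]))
            i += 2
        else:
            out.append(v[i])
            i += 1
    return "".join(out)


def _parse_extension(ext):
    """Split 'key=value key=value' where values may contain spaces, using key positions as boundaries."""
    keys = list(EXT_KEY_RE.finditer(ext))
    out = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_value(ext[m.end():end].strip())
    return out


def parse_cef(line):
    """Parse one CEF record (optionally preceded by a syslog header) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    fields, ext = _split_header(line[start:].rstrip("\r\n"))
    if len(fields) != 7:
        raise ValueError("CEF header must have seven pipe-delimited fields")
    record = dict(zip(HEADER_FIELDS, fields))
    record["cef_version"] = record["cef_version"][len("CEF:"):]
    record["extension"] = _parse_extension(ext)
    return record


if __name__ == "__main__":
    for line in SAMPLE_CEF:
        r = parse_cef(line)
        print(r["device_vendor"], r["signature_id"], r["severity"], r["extension"])
```

A naive split on "|" and " " breaks on the second record in two different ways (the vendor name and the msg value), and that is exactly the kind of record an attacker can provoke by putting a pipe or an equals sign in a username or a URL.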

Create an Elastic Cloud deployment as in the Filebeat steps above (register, log into the Elastic Cloud console, Create Deployment, and save the Cloud ID and password as <cloud.id> and <password>).

Download and unpack Packetbeat

Open a terminal (this varies with your client OS) and in the Packetbeat install directory, type:

Paste in the <password> for the elastic user when prompted

Paste in the <cloud.id> for the cluster when prompted

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"[Packetbeat] DNS Tunneling"
What just happened?

Packetbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing details of your DNS traffic.

Didn't work for you?

Packetbeat makes a set of assumptions about defaults, such as the network ports it decodes. See the documentation for more details on how to further configure your deployment.
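The DNS Tunneling dashboard visualizes the signals that give a covert channel away: a domain receiving many unique subdomains whose labels look random, or labels pushed towards the 63-byte limit. Here is an added example, not Packetbeat's code, that computes those features over a constructed query log and flags the offending domain while leaving a CDN with many low-entropy hostnames alone. The thresholds, the two-label approximation of the registered domain (no public-suffix list is used) and the sample queries are assumptions for illustration.

```python
import hashlib
import math
from collections import defaultdict


def registered_domain(name):
    """Assumption: no public-suffix list here, so the registered domain is the last two labels."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def shannon_entropy(s):
    """Bits per character; random-looking hex or base32 scores near 4, ordinary words near 2 to 3."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def query_features(name):
    """Features of the part below the registered domain, where a tunnel hides its payload."""
    labels = name.rstrip(".").lower().split(".")
    sub_labels = labels[:-2]
    sub = "".join(sub_labels)
    return {
        "subdomain_len": len(sub),
        "max_label": max((len(l) for l in sub_labels), default=0),
        "entropy": shannon_entropy(sub),
    }


def find_tunnels(queries, min_unique=20, min_entropy=3.5, max_label=50):
    """Aggregate per registered domain and flag the two classic tunnelling signatures:
    many unique, high-entropy subdomains, or labels close to the 63-byte DNS limit."""
    per_domain = defaultdict(lambda: {"n": 0, "subs": set(), "entropy_sum": 0.0,
                                      "max_label": 0, "qtypes": defaultdict(int)})
    for q in queries:
        feat = query_features(q["name"])
        agg = per_domain[registered_domain(q["name"])]
        agg["n"] += 1
        agg["subs"].add(q["name"].lower())
        agg["entropy_sum"] += feat["entropy"]
        agg["max_label"] = max(agg["max_label"], feat["max_label"])
        agg["qtypes"][q["qtype"]] += 1

    findings = {}
    for domain, agg in per_domain.items():
        reasons = []
        mean_entropy = agg["entropy_sum"] / agg["n"]
        if len(agg["subs"]) >= min_unique and mean_entropy >= min_entropy:
            reasons.append(f"{len(agg['subs'])} unique subdomains, mean entropy {mean_entropy:.2f}")
        if agg["max_label"] > max_label:
            reasons.append(f"label of {agg['max_label']} characters")
        if reasons:
            findings[domain] = {"reasons": reasons, "queries": agg["n"], "qtypes": dict(agg["qtypes"])}
    return findings


def constructed_queries():
    """Constructed query log: ordinary browsing, a CDN with many low-entropy hostnames
    (a false-positive trap), and a simulated exfiltration channel over TXT lookups."""
    qs = [{"name": ["www.example.com", "mail.example.com", "api.example.com", "cdn.example.com"][i % 4],
           "qtype": "A"} for i in range(40)]
    qs += [{"name": f"img-{i}.cdn.example.org", "qtype": "A"} for i in range(25)]
    for i in range(30):
        chunk = hashlib.sha256(f"secret-chunk-{i}".encode()).hexdigest()  # stands in for encoded data
        qs.append({"name": f"{chunk[:32]}.{chunk[32:]}.t.exfil.example.net", "qtype": "TXT"})
    return qs


if __name__ == "__main__":
    for domain, f in find_tunnels(constructed_queries()).items():
        print(domain, f)
```

Requiring both a high unique-subdomain count and high mean entropy is what keeps the CDN quiet: it has the volume but not the randomness. In production the qtype mix (TXT, NULL, CNAME heavy) and the ratio of NXDOMAIN answers are worth adding as further features.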

Create an Elastic Cloud deployment as in the Filebeat steps above (register, log into the Elastic Cloud console, Create Deployment, and save the Cloud ID and password as <cloud.id> and <password>).

Download and unpack Logstash

Open a terminal (this varies with your client OS) and in the Logstash install directory, type:

Paste in the <password> for the elastic user when prompted (the configuration below reads it back from the Logstash keystore as ${ES_PWD})

Modify logstash.yml to set the NetFlow module details:

cloud.id: <cloud.id>
cloud.auth: elastic:${ES_PWD}
modules:
  - name: netflow
    var.input.udp.port: <netflow_port>

Configure your NetFlow exporters to send flow records to Logstash over UDP on the default port 2055.

Open Kibana from the Kibana section of the Elastic Cloud console (login: elastic/<password>)
Open dashboard:
"Netflow: Overview"
What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing NetFlow events.

Didn't work for you?

The Logstash NetFlow module makes a set of assumptions about the default configuration of the NetFlow exporters, but you can override the defaults. See the documentation for more details.
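What arrives on UDP 2055 is a binary export datagram, and the overview dashboard is built from the decoded records. The following added example (not Logstash's or the netflow module's code) decodes the NetFlow v5 format, a 24-byte header followed by up to 30 fixed 48-byte records, validates the count against the datagram length, and runs a port-scan check over the decoded flows. The datagram is constructed in the block itself with a small encoder, so the example runs offline; addresses, ports and thresholds are assumptions for illustration.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire format: a 24-byte header followed by `count` 48-byte records, big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
TCP, SYN = 6, 0x02


def parse_netflow_v5(datagram):
    """Decode one export datagram into header fields and a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, uptime, secs, nsecs, seq, engine_type, engine_id, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "packets": r[5], "bytes": r[6],
            "src_port": r[9], "dst_port": r[10],
            "tcp_flags": r[12], "proto": r[13],
        })
    return {"sequence": seq, "export_time": secs, "sys_uptime_ms": uptime, "flows": flows}


def build_v5_datagram(flows, sequence=1, export_time=1700000000):
    """Encode flows as an exporter would (used here only to construct test input)."""
    if len(flows) > 30:
        raise ValueError("NetFlow v5 carries at most 30 records per datagram")
    header = V5_HEADER.pack(5, len(flows), 123456, export_time, 0, sequence, 0, 0, 0)
    records = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]), b"\0\0\0\0",
            1, 2, f.get("packets", 1), f.get("bytes", 60), 120000, 120000,
            f["src_port"], f["dst_port"], 0, f.get("tcp_flags", SYN), f.get("proto", TCP),
            0, 0, 0, 24, 24, 0,
        )
        for f in flows
    )
    return header + records


def detect_port_scans(flows, min_ports=15):
    """SYN-only, one-or-two-packet TCP flows from one source to many ports on one host."""
    ports = defaultdict(set)
    for f in flows:
        if f["proto"] == TCP and f["tcp_flags"] == SYN and f["packets"] <= 2:
            ports[(f["src"], f["dst"])].add(f["dst_port"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def constructed_flows():
    """Constructed flows: a 20-port SYN sweep plus a few ordinary HTTPS sessions."""
    scan = [{"src": "203.0.113.7", "dst": "10.0.0.5", "src_port": 40000 + p, "dst_port": p}
            for p in range(1, 21)]
    normal = [{"src": "10.0.0.5", "dst": "10.0.0.9", "src_port": 51000 + i, "dst_port": 443,
               "packets": 40, "bytes": 28000, "tcp_flags": 0x1b} for i in range(3)]
    return scan + normal


if __name__ == "__main__":
    parsed = parse_netflow_v5(build_v5_datagram(constructed_flows()))
    print(parsed["sequence"], len(parsed["flows"]), detect_port_scans(parsed["flows"]))
```

The length check matters in practice: a collector that trusts the count field and reads past the end of a short datagram is a classic parser bug, and an exporter behind NAT or sampling will produce sequence gaps you should track from the header's flow_sequence field before reading any conclusions into flow counts.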

In the Elasticsearch install directory:
In the Kibana install directory:
In the Filebeat install directory:
What just happened?

Filebeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing latest system log messages, and reporting on SSH login attempts and other authentication events.

Didn't work for you?

Filebeat module assumes default log locations, unmodified file formats, and supported versions of the products generating the logs. See the documentation for more details.

In the Elasticsearch install directory:
In the Kibana install directory:
In the Auditbeat install directory:
What just happened?
Auditbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing latest system audit information.
Didn't work for you?

Auditbeat module assumes default operating system configuration. See the documentation for more details.

In the Elasticsearch install directory:
In the Kibana install directory:
In the Logstash install directory:

Modify logstash.yml to set the ArcSight module details:

modules:
  - name: arcsight
    var.inputs: smartconnector

Configure Smart Connectors to send CEF events to Logstash via TCP on default port 5000.

What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing ArcSight events.

Didn't work for you?

Logstash module makes a set of assumptions around default configuration of the ArcSight solution, however you can override defaults. See the documentation for more details.

In the Elasticsearch install directory:
In the Kibana install directory:
In the Packetbeat install directory:
What just happened?

Packetbeat created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing details of your DNS traffic.

Didn't work for you?

Packetbeat makes a set of assumptions around defaults, such as default network ports. See the documentation for more details on how to further configure your deployment.

In the Elasticsearch install directory:
In the Kibana install directory:
In the Logstash install directory:

Modify logstash.yml to set the NetFlow module details:

modules:
  - name: netflow
    var.input.udp.port: <netflow_port>

Configure NetFlow to export flow events to Logstash via UDP on default port 2055.

What just happened?

Logstash created an index pattern in Kibana with defined fields, searches, visualizations, and dashboards. In a matter of minutes you can start viewing Netflow events.

Didn't work for you?

Logstash module makes a set of assumptions around default configuration of the Netflow solution, however you can override defaults. See the documentation for more details.

Automate anomaly detection and investigate suspicious connections

How do you cope with billions of signatures, or pick out the relevant connections among millions of IP addresses? Use machine learning and graph analysis to quickly detect cyber threats, predictable or not, despite the surrounding noise.

Join the club

USAA started by deploying a few Elasticsearch nodes in its security lab. The company now runs a full production deployment that strengthens its ArcSight SIEM. Previously, when USAA's first responders ran queries through their log management system, they had to wait several minutes (or even hours) for results they could use for threat analysis. With Elastic, that is a thing of the past.

Other companies have chosen Elastic to manage their security events. Read more customer stories.

Much more than security events

Metrics? Infrastructure logs? Very large text documents? Centralize all of it in the Elastic Stack alongside your security events: enrich your analysis, reduce risk and simplify your architecture.

Logging

Fast, scalable logging that won't let you down.

Learn more

Metrics

Monitor CPU, memory and much more.

Learn more

Site Search

Easily build a great search experience.

Learn more

APM

Get insight into how your applications perform.

Learn more

App Search

Search across all your documents.

Learn more