Elasticsearch Security Analytics: Vulnerability Scans

Security attacks aren't a matter of if, but when. Identifying and understanding these threats as fast as possible is crucial. The Elastic Stack provides a more complete picture of what's going on across your systems in real time so you can keep pace with the attack vectors of today and tomorrow.

Join Mike Paquette, Director of Products for the Security Market, and Kevin Keeney, Cyber Security Advocate, for a live demo and presentation on enhancing your SIEM by leveraging components of the Elastic Stack. Mike and Kevin will be joined by Justin Henderson, a SANS instructor and the SANS course author for SEC555: SIEM with Tactical Analytics and the co-author of SEC455: SIEM Design and Implementation and SEC530: Defensible Security Architecture.

Mike and Justin will highlight an open source project, VulnWhisperer, a vulnerability data and report aggregator. VulnWhisperer pulls all the reports and creates a file with a unique filename which is then fed into logstash and then shipped to Elasticsearch.


Additional highlights include the Elastic Stack's machine learning features being used to detect attack behaviors by analyzing logs such as:

  • Authentication logs
  • Audit events
  • NetFlow records
  • DNS Traffic
  • Logstash ArcSight module

Additional Resources:

Mike Paquette

Director of Product, Security Market

Elastic

Kevin Keeney

Cybersecurity Advocate

Elastic

Justin Henderson

Founder & Lead Consultant

H&A Security Solutions