Network Security Monitoring with the Elastic Stack

Samir Bennacer, Octodet

CTO

Octodet

Every environment has common services such as HTTP, DNS, TLS, and SMTP. The logs from these services contain enormous value for security analysts to detect threats.

In this webinar you will hear how to capture network data using solutions like Zeek/Corelight to monitor all of these common services to improve your visibility and defences. We’ll also show how you can use Elastic SIEM and anomaly detection to understand your organization and automatically build a baseline to detect known and unknown threats.

Highlights:

• Service log collection using Zeek/Corelight
• Catching adversaries using network data
• Detecting known and unknown threat using Elastic SIEM and anomaly detection
• Securing your network with Elastic + Corelight

Supercharge your Elastic SIEM with the most powerful network security monitoring solution that is built on Zeek (formerly Bro). Learn how to transform network traffic into rich network logs and extracted files. Elastic users can ingest some or all of this data directly into Elasticsearch or via Logstash. Find out how to reduce incidence response, defend your network with real time monitoring, go on the offensive with advanced threat hunting, and quickly search and pivot through network-based evidence for rapid network forensics.