Security Logging Use Cases: Building an Open-Source SIEM- Jonah Kowall, Logz.io

Описание к видео Security Logging Use Cases: Building an Open-Source SIEM- Jonah Kowall, Logz.io

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Security Logging Use Cases: Building an Open-Source SIEM- Jonah Kowall, Logz.io

Understanding threats is the goal of a SIEM, which collects, enriches, and correlates events and threats. Learn how to build an open-source SIEM with Fluentd and Fluent Bit. SIEMs primary challenge is data collection and scale. Security infrastructure generates diverse data. We will cover data sources along with how to parse and security signals. We will provide real-world examples of how these data collection systems are used to bring together security data into an open-source SIEM. Learn how extracting metrics from logs with Fluentd can provide additional data to understand your organization’s security posture. The EFK Stack is very popular for log analytics. This includes the life cycle of collection, indexing, and storing them. Log data is valuable, but use cases for logging are operational for observability and debugging. The security world typically uses other tools, but building it on top of the same logging stack is efficient. SIEM takes a centralized approach to collection, enrichment, and analysis. As we know in today’s environments, we must ultimately federate this work to the edge to reduce data volumes and take action faster. While this is not something that SIEMs do today, it’s something that the future SIEM and technologies like Fluentd will provide.

Комментарии

Информация по комментариям в разработке