EmPOW: Integrating Attack Behavior Intelligence into Logstash Plugins

AMER Virtual Thu, Jun 18, 1:00 PM (PDT)

39 Members RSVP'ed

About this event

Join here: https://elastic.zoom.us/j/98260264173


Abstract 1:

Several commercial and opensource tools enable security data ingestion, however, these tools are typically not simple and easily incur errors through misconfigurations. MITRE ATT&CKTM, Elastic’s Logstash ‘pipeline to pipeline’ and multi-pipeline features provide a lot of value but also need to be used and configured correctly. In this session, we will review:

A day in the life of a Security Analyst

Writing attack behavior security plugins

Why MITRE?

Integrating MITRE intelligence into a plugin

Other classification techniques

Pipeline to Pipeline and debug tools

Demo

About empow

Abstract 2:

Are you new to Elastic SIEM? Join us for a demo and learn how to start investigating threats in your environment.

Presenters:

Joe DiGregorio, Solution Architect, empow

Joe DiGregorio is Solution Architect at empow and a Boston based cybersecurity professional with over 7 years’ experience including in vulnerability management, penetration testing, insider threat detection & mitigation, and consulting. Joe's knowledge and experience comes from years working at industry leaders such as CORE Security and ObserveIT (now a Proofpoint company).


Cami Lewis, Community Advocate- Security