Update: There is no longer a vaccination or health check requirement for entry into the venue.
Boston Elastic Stackers - Join us for an in-person meetup at the Microsoft campus on Thursday, January 26th, from 5:00-7:00pm EST. We're joined by George Boitano (SEMplicity) and Steve Kearns (VP of Product Management @ Elastic) for presentations followed by networking, food, and refreshments.
Registration ends on Tuesday, January 24th, as we need to provide a list of attendees to building security. Upon arrival, guests will need to provide an ID at the reception desk located on the “M” (Microsoft) floor.
Date & Time:
Thursday, January 26th, from 5:00-7:00 pm EST. Please note the venue has a hard stop at 7:00 pm EST.
1 Memorial Dr, Cambridge, MA 02142 - Conference Center - Thomas Paul Room
The parking garage is located at the back of the building. Parking is $12.00 after 4:00 pm. When you enter the garage, press the button to take a ticket; after the event, you can pay for the ticket in the lobby (just past the security desk, near the elevator to the parking garage).
- 5:00 pm: Doors open; say hi, grab a seat, and eat some food.
- 5:15 pm: Detections & Transforms: The foundation for user & entity behavioral analytics - George Boitano (SEMplicity)
- 6:00 pm: Presentation by Steve Kearns (VP of Product Management @ Elastic)
- 7:00 pm: Event ends
Talk Abstract: Detections & Transforms: The foundation for user & entity behavioral analytics - George Boitano (SEMplicity)
Tracking security events by user or entity is all about preserving state. What suspicious behavior have we observed from the user over the past month? Have they been clicking on malicious URLs, failing an abnormally high number of authentications, and connecting to unusual network segments? And what is the state of their machine? Was there a recent virus infection? Does it have multiple unpatched vulnerabilities?
Detections find the needles in the haystacks. But preserving, aggregating and analyzing these findings requires implementing state machines for users and entities. That's where transforms shine. We use transforms to maintain user and entity state, pivoting on user name, UUID, source IP and source hostname. Using transforms, we can now write 2nd-level detections to trigger high-severity alerts based on aggregated user or entity behavior. Analysts, during triage or investigation, can now quickly determine a user or entity state. And if we summarize these transforms, executives can now view and track a composite enterprise risk profile aggregated across all the user and entity states.
This presentation will briefly introduce the concepts of Detections & Transforms, and then build a quick transform live to create a user state machine based on observed behavior. If time permits, we will also create a quick detection to monitor user state and trigger on certain conditions.
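To make the detection, transform, and 2nd-level detection pipeline from the abstract concrete, here is an added Python example; it is not code from the talk, from SEMplicity, or from Elastic. An Elastic transform is defined as JSON (a group_by over an entity key plus aggregations); this script emulates that pivot in memory over a constructed set of 1st-level alerts, keeps per-user and per-host state for a 30-day window, runs a 2nd-level detection over the aggregated state, and summarizes a composite risk profile. The ECS-style field names, rule names, weights, and thresholds are assumptions chosen for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Weight per 1st-level rule name: an assumption for this example, not Elastic's risk scoring.
RULE_WEIGHTS = {
    "malicious_url_click": 30,
    "auth_failure_burst": 20,
    "unusual_segment": 25,
    "virus_infection": 50,
    "unpatched_vuln": 10,
}

# Constructed sample of 1st-level detection results. Field names follow ECS style
# (user.name, host.name, source.ip) but every record here is invented.
ALERTS = [
    {"@timestamp": "2023-01-10T09:00:00Z", "user.name": "alice", "host.name": "ws-01", "source.ip": "10.0.1.5",  "rule": "malicious_url_click"},
    {"@timestamp": "2023-01-11T09:05:00Z", "user.name": "alice", "host.name": "ws-01", "source.ip": "10.0.1.5",  "rule": "auth_failure_burst"},
    {"@timestamp": "2023-01-12T17:40:00Z", "user.name": "alice", "host.name": "ws-09", "source.ip": "10.0.7.22", "rule": "unusual_segment"},
    {"@timestamp": "2023-01-20T09:00:00Z", "user.name": "bob",   "host.name": "ws-02", "source.ip": "10.0.1.6",  "rule": "auth_failure_burst"},
    {"@timestamp": "2022-11-01T09:00:00Z", "user.name": "bob",   "host.name": "ws-02", "source.ip": "10.0.1.6",  "rule": "malicious_url_click"},
    {"@timestamp": "2023-01-15T03:00:00Z", "user.name": None,    "host.name": "ws-01", "source.ip": "10.0.1.5",  "rule": "virus_infection"},
    {"@timestamp": "2023-01-18T03:00:00Z", "user.name": None,    "host.name": "ws-01", "source.ip": "10.0.1.5",  "rule": "unpatched_vuln"},
    {"@timestamp": "2023-01-18T03:00:00Z", "user.name": None,    "host.name": "ws-01", "source.ip": "10.0.1.5",  "rule": "unpatched_vuln"},
]

# Fixed "now" so the 30-day window is deterministic (assumption for the example).
NOW = datetime(2023, 1, 25, tzinfo=timezone.utc)


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pivot(alerts, key_field, now=NOW, window_days=30):
    """Pivot alerts into one state document per entity, as a transform's group_by
    plus aggregations would (count per rule, distinct hosts/IPs, last seen, risk).
    Alerts with no key or older than the window do not contribute to state."""
    cutoff = now - timedelta(days=window_days)
    states = {}
    for alert in alerts:
        key = alert.get(key_field)
        ts = parse_ts(alert["@timestamp"])
        if key is None or ts < cutoff:
            continue
        st = states.setdefault(key, {"rules": Counter(), "hosts": set(), "ips": set(),
                                     "last_seen": ts, "risk": 0})
        st["rules"][alert["rule"]] += 1
        st["hosts"].add(alert["host.name"])
        st["ips"].add(alert["source.ip"])
        st["last_seen"] = max(st["last_seen"], ts)
        st["risk"] += RULE_WEIGHTS.get(alert["rule"], 5)
    return states


def second_level_detections(states, min_distinct_rules=2, high_risk=60):
    """2nd-level detection over aggregated entity state rather than raw events:
    fire when an entity tripped several different rules or its risk is high."""
    findings = []
    for key, st in states.items():
        distinct = len(st["rules"])
        if distinct >= min_distinct_rules or st["risk"] >= high_risk:
            findings.append({
                "entity": key,
                "severity": "high" if st["risk"] >= high_risk else "medium",
                "distinct_rules": distinct,
                "risk": st["risk"],
            })
    return sorted(findings, key=lambda f: -f["risk"])


def enterprise_risk(*state_sets):
    """Composite profile summarized across all user and host states."""
    entities = sum(len(s) for s in state_sets)
    total = sum(st["risk"] for s in state_sets for st in s.values())
    return {"entities": entities, "total_risk": total,
            "mean_risk": total / entities if entities else 0}


if __name__ == "__main__":
    users = pivot(ALERTS, "user.name")
    hosts = pivot(ALERTS, "host.name")
    for finding in second_level_detections(users) + second_level_detections(hosts):
        print(finding)
    print(enterprise_risk(users, hosts))
```

The `pivot` function stands in for the transform's destination index: one document per entity, recomputed continuously in Elastic and here in one pass. The 2nd-level detection then queries that state, which is why an analyst can read an entity's status directly instead of re-aggregating raw alerts during triage; note that bob's November alert falls outside the window and so does not raise his state.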
Talk Abstract: TBD - Steve Kearns (VP of Product Management @ Elastic)