"Threat Hunting with the Elastic Stack": Ben Hughes (@CyberPraesidium) Recap of Elastic{ON} Tristan will cover the new features added since 6.0 was released and recap the future direction shared at Elastic{on} 18. Tristan Ahmadi is a Solutions Architect for Elastic, working closely with civilian agencies in the federal government. He works closely with customers to explore their search and analytic challenges. He has a decade of software experience in both technical consulting and solutions engineering across commercial, federal, and law enforcement. In his free time, he enjoys playing video gaming, reading, fishing, and snowboarding.
This presentation will walk attendees through leveraging the open source Elastic stack to proactively identify malicious activity using diverse logs. The basic threat hunting tools and techniques presented can be used to investigate isolated security incidents or implemented at scale for continuous security monitoring. I'll demonstrate how to quickly build custom log pipelines and searches, visualizations, and dashboards in Kibana to identify many artifacts of the cyber kill chain ranging from web app attacks to Windows credential attacks.
Ben brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito’s commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients, sharpening his skills in network security monitoring, IR, forensics, malware analysis, security configuration, and cyber threat intelligence. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications. Ben is also a licensed attorney in Maryland and volunteers at a pro bono legal clinic.
Community Organizer
