Hi Elastic Community Stuttgart,
Mark your calendars - we are planning the next Elastic meetup in Stuttgart for November 12. We will start at 6:30pm at the mimacom office in downtown Stuttgart and provide snacks and drinks for dinner for all attendees.
We are currently working on the agenda together with our friends from Elastic; there will definitely be a talk by Philipp Krenn on "Scaling Your Auditing Events".
If you'd like to submit a talk, please don't hesitate to contact me.
First Talk at the Meetup by Philipp Krenn from Elastic
Scale Your Auditing Events
The Linux Audit daemon is responsible for writing audit records to disk, which you can then access with ausearch and aureport. However, it turns out that parsing and centralizing these records is not as easy as you would hope. Elastic’s new Auditbeat fixes this by keeping the original configuration while shipping the records to a centralized location where you can easily visualize all events. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations.
This talk shows you what you can do to discover changes, events, and potential security breaches as soon as possible on interactive dashboards. Additionally, we are combining Auditd events with security-relevant logs and exploring them in Elastic’s free SIEM.
More information and further agenda items to follow shortly.
We look forward to seeing you all soon.
Your mimacom and Elastic Teams