Our presenter this month will be John Hubbard, of SANS/GSK! He'll be speaking to us on Elasticsearch.
John is a dedicated blue-teamer and is driven to help develop defensive talent around the world. Through his years of experience as the SOC Lead for GlaxoSmithKline, he has real-world, first-hand knowledge of what it takes to defend an organization against advanced cyber-attacks and is eager to share these lessons. As a SANS Cyber Defense curriculum instructor and course author of SEC455, John specializes in threat hunting, network security monitoring, SIEM design and optimization, and constructing defensive postures that allow organizations to protect their most sensitive data.
John holds an undergraduate degree in Electrical Engineering from Purdue and a master's degree in Computer Engineering, focusing on information security, from SUNY Binghamton. His past research spans from malware reverse-engineering to car hacking, mobile app security, and IoT devices. In his free time, John enjoys catching every infosec conference he can attend, FPV drone racing, coffee roasting, and slowly turning his home into a data center. He can be found on LinkedIn and on Twitter @SecHubb.
Interested in the ever-growing set of tools that are based on the Elastic stack, but not sure where to get started? Elasticsearch, Logstash, and Kibana make up the powerful toolset that is being used for everything in security from SIEMs to full PCAP indexing to incident ticketing systems, and it is an outstanding free and open-source offering. Just one problem: the documentation can be... less than friendly. In this talk, I will give an introduction to these tools, explain how they work together, show how to ingest and visualize data, and demonstrate how you can easily start using them in your own environment.