LogStash & MaxMind - it's not just for GeoIP any more!


Details
THIS IS A FREE EVENT - PLEASE FINISH YOUR RSVP IN THE LINK BELOW
The LogStash MaxMind filter enriches documents with GeoIP information from the open-source MaxMind database. But did you know that you can customize this filter to enrich documents with all kinds of other IP-related data? MaxMind uses its own binary database format, which enables very fast lookups keyed by IP address. Our experience is that this is the very best way to retrieve any type of IP-based information and store it at ingestion time without impacting performance. We demonstrate how to create customized instances of the MaxMind database and the associated LogStash filters to enrich documents with all kinds of other information, such as:
Internal network descriptive information, such as segment and subnet, stored in IPAM or another network management tool;
Information on individual internal endpoints, such as sensitivity, criticality, known vulnerabilities, compliance status, machine state;
Threat intelligence on external IP addresses, derived from sources such as MISP, including severity, exploit type, intelligence reliability, and aging.
Agenda
4:00 PM: Presentation and Demo
In this presentation, we will share real-world client experiences, including cookbooks, limitations, and gotchas. Attendees will learn when and how to implement LogStash MaxMind custom DBs and filters for their own use-cases.
---
Hosted By
Raji Sankaran, Community Organizer
---