Tracking abuse using intelligence with Elastic & Tele2 | Security Meetup


Details
Join us on Thursday, March 13th for a new meetup with the Elastic Stockholm User Group!
We'll meet each other at Lexicon: doors open at 17.30 and we'll serve pizza and drinks. Presentations begin at 18.45. We wrap up at 20.30.
Address: Lexicon, World Trade Center, Klarabergsviadukten 70, Stockholm
Agenda:
18.00 Doors open
18.15 Welcome, pizza and drinks
18.30 Turning Threat Intelligence into Actionable Defense
19.15 Tracking Abuse Using Intelligence with Elastic: A Case Study from Tele2 Sverige AB
19.40 Q&A
20.00 Wrap up
Talks:
Turning Threat Intelligence into Actionable Defense
Security operations teams need more than just alerts—they need actionable intelligence to stay ahead of adversaries. This session explores how threat intelligence enhances detection, investigation, and response, transforming security operations from reactive to proactive.
We'll break down key threat intelligence methodologies, including:
- The Diamond Model of Intrusion Analysis
- STIX 2 and Structured Threat Intelligence
- Operationalizing Threat Intelligence in Elastic – Elastic Security provides dedicated ECS threat fields to track threat intelligence, enabling structured enrichment and correlation. Additionally, STIX objects have been mapped into ECS fields, allowing for seamless integration and automated detection.
By the end of this talk, attendees will gain a clear understanding of how to operationalize CTI effectively, ensuring their security teams move beyond reactive alerts to proactive defense.
Speaker: Marvin Ngoma (Principal Security Architect, Elastic)
Tracking Abuse Using Intelligence with Elastic: A Case Study from Tele2 Sverige AB
In this session, we'll explore the challenges that Internet Service Providers (ISPs) face when identifying and mitigating abusive IPs. Whether it's fraud, DDoS attacks, or malicious behavior, abuse from certain IP addresses can have severe consequences for both service providers and end-users.
We'll discuss how ISPs can integrate threat intelligence with Elastic to proactively track, identify, and handle suspicious IP activity, using ES|QL, threat intelligence and other Elastic integrations. Additionally, we'll dive into the complexities of telco fraud, particularly fraud that targets SS7 (Signaling System No. 7) vulnerabilities.
Attendees will gain insights into detecting and preventing SS7 attacks, which are increasingly exploited by fraudsters to manipulate telecommunications networks.
Speaker: Karanveer Singh (SIEM Engineer, Tele2 Sverige AB)
