Visualize Your Threats with Elastic SIEM

Jun. 2020

David Pilato

Abstract

Knowing what is going on in your environment is an important part of staying on top of security issues. But how do you capture relevant metrics and visualize them? One widely used tool for that job is the Elastic Stack, formerly known as the ELK stack. This talk shows how to ingest relevant metrics from your network and hosts, and how to easily visualize them to find suspicious patterns and behaviors. We will also be using the newest tool in the stack, the SIEM app.

We will use real-world honeypot data for this example:

  • The first step is to parse and enrich the data, so we can identify actual attacks, their origin, and more.
  • Then we store and explore the data to find meaningful insights.
  • Which leads us to visualize specific attributes, like the location of an attacker or patterns in the attacks.
  • Building upon this we can combine visualizations into dashboards, giving a broader overview.
  • Finally we will use the Kibana SIEM app to see how everything is now getting easy to track for attacks.

Everything done live.
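The parse, enrich and explore steps above are what a Logstash pipeline or an Elasticsearch ingest pipeline would do before the data reaches Kibana. As an added illustration (not code from the talk or from Elastic), the script below runs those steps on a few constructed sshd-style honeypot lines: it parses each line into an ECS-shaped document (`@timestamp`, `event.outcome`, `source.ip`, `source.port`, `source.geo`, `user.name`, the field names the SIEM app expects), enriches it from a stand-in GeoIP table, and then computes the kinds of aggregations a dashboard would show (failures by country, most-tried usernames) plus a simple brute-force detection. The log lines, the IP ranges and the country codes are all constructed placeholders; in a real deployment the geo lookup would be the Logstash `geoip` filter or the `geoip` ingest processor backed by a GeoIP database.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample: sshd-style auth lines as an SSH honeypot might record them.
# Addresses are from the RFC 5737 documentation ranges; nothing here is real data.
SAMPLE_LOG = """\
2020-06-01T10:00:01Z sshd[1001]: Failed password for root from 203.0.113.7 port 51234 ssh2
2020-06-01T10:00:03Z sshd[1001]: Failed password for admin from 203.0.113.7 port 51236 ssh2
2020-06-01T10:00:04Z sshd[1001]: Failed password for root from 203.0.113.7 port 51240 ssh2
2020-06-01T10:00:05Z sshd[1001]: Failed password for invalid user test from 198.51.100.23 port 40000 ssh2
2020-06-01T10:00:09Z sshd[1001]: Failed password for root from 203.0.113.7 port 51250 ssh2
2020-06-01T10:00:40Z sshd[1001]: Accepted password for ubuntu from 192.0.2.44 port 22222 ssh2
2020-06-01T10:01:00Z sshd[1001]: Failed password for admin from 198.51.100.23 port 40010 ssh2
"""

# Constructed stand-in for a GeoIP database (placeholder user-assigned ISO codes).
# A real pipeline would use the Logstash geoip filter or the geoip ingest processor.
GEO_TABLE = [
    (ip_network("203.0.113.0/24"), {"country_iso_code": "XA"}),
    (ip_network("198.51.100.0/24"), {"country_iso_code": "XB"}),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)


def parse_line(line):
    """Parse one raw sshd line into an ECS-style document; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "event": {
            "category": "authentication",
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
        },
        "source": {"ip": m["ip"], "port": int(m["port"])},
        "user": {"name": m["user"]},
    }


def enrich(doc):
    """Enrich step: attach source.geo from the lookup table ('ZZ' = unknown placeholder)."""
    addr = ip_address(doc["source"]["ip"])
    geo = next((g for net, g in GEO_TABLE if addr in net), {"country_iso_code": "ZZ"})
    doc["source"]["geo"] = dict(geo)
    return doc


def parse_log(text):
    """Parse + enrich every matching line; this is what would be indexed into Elasticsearch."""
    return [enrich(d) for d in (parse_line(l) for l in text.splitlines()) if d]


def failures_by_country(docs):
    """Aggregation behind a 'where do attacks come from' map or bar chart."""
    return Counter(d["source"]["geo"]["country_iso_code"]
                   for d in docs if d["event"]["outcome"] == "failure")


def top_usernames(docs, n=3):
    """Aggregation behind a 'most-tried usernames' visualization."""
    return Counter(d["user"]["name"] for d in docs
                   if d["event"]["outcome"] == "failure").most_common(n)


def brute_force_sources(docs, threshold=3, window=timedelta(seconds=30)):
    """Source IPs with at least `threshold` failures inside any span of length `window`.

    Returns {ip: total_failures} for the flagged sources.
    """
    times = defaultdict(list)
    for d in docs:
        if d["event"]["outcome"] == "failure":
            times[d["source"]["ip"]].append(datetime.fromisoformat(d["@timestamp"]))
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        for i in range(len(ts) - threshold + 1):
            if ts[i + threshold - 1] - ts[i] <= window:
                flagged[ip] = len(ts)
                break
    return flagged


if __name__ == "__main__":
    docs = parse_log(SAMPLE_LOG)
    print("indexed documents:", len(docs))
    print("failures by country:", dict(failures_by_country(docs)))
    print("top usernames:", top_usernames(docs))
    print("brute-force sources:", brute_force_sources(docs))
```

The ECS field layout is the point of the parsing step: once `source.ip`, `source.geo` and `event.outcome` are populated consistently, the same Kibana maps, dashboards and SIEM views work regardless of which honeypot produced the lines.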

Resources

The following resources were mentioned during the presentation or are useful additional information.

Buzz and feedback

Here's what was said about this presentation on social media.

© 2010 - 2026 David Pilato

๐Ÿ” Search is powered by QueryBox. Just hit CTRL+K or CMD+K to start searching.

โš™๏ธ Generated from ๐Ÿ‡ซ๐Ÿ‡ท with โค๏ธ on Tue Jan 6, 2026 at 11:07:13 UTC

๐ŸŒฑ Powered by Hugo with theme Dream.

Who am I?

Developer | Evangelist at elastic and creator of the Elastic French User Group. Frequent speaker about all things Elastic, in conferences, for User Groups and in companies with BBL talks. In my free time, I enjoy coding and deejaying as DJ Elky, just for fun. Living with my children in Cergy, France.

Details

I discovered the Elasticsearch project in 2011. After contributing to the project and creating open source plugins for it, David joined elastic the company in 2013, where he is Developer and Evangelist. He also created and still actively manages the French-speaking User Group. At elastic, he mainly worked on the Elasticsearch source code, specifically on open-source plugins. In his free time, he likes talking about Elasticsearch in conferences or in companies (Brown Bag Lunches, AKA BBLs). He is also the author of the FSCrawler project, which helps to index your PDF, Open Office, or whatever documents in Elasticsearch using Apache Tika behind the scenes.
