Securing the enterprise is a demanding task that requires a complete understanding of the infrastructure and its running services. To uncover signs of compromise, it is first necessary to know what normal activity looks like. Almost all services make use of some type of logging function, with the vast majority of logs adhering to RFC 5424 or the Syslog protocol. Centralizing log analysis functions opens new opportunities for cross-referencing and analyzing data.
Log aggregation tools are available from a variety of vendors and are critical for presenting data in a timely and usable manner. With proper planning, log aggregation tools can be configured to track critical infrastructure activity and provide alerting when anomalies indicative of compromise are detected. Log analysis can be used to detect malicious login attempts, device compromise, data exfiltration, unexpected network traffic, unauthorized file changes, rogue application installations, and more.
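The two paragraphs above make a concrete claim: because nearly every service emits RFC 5424 syslog, one parser can feed a central correlation rule, and that rule can flag things like malicious login attempts across all reporting hosts. The following is an added example (not part of the workshop materials or any vendor's product) that shows both halves: a small RFC 5424 parser, and a detection that alerts when one source address produces repeated failed logins inside a short window on any host feeding the collector. The log lines are constructed for the example (TEST-NET addresses, invented hostnames and process ids); the failure-message pattern assumes OpenSSH's `Failed password for ... from ...` wording, and the threshold and window are arbitrary starting points you would tune to your own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# RFC 5424 header layout (space separated, NILVALUE is "-"):
#   <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# PRI encodes facility * 8 + severity; e.g. facility 4 is "auth", severity 6 is "info".
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<msg>.*))?$"
)
# SD-ELEMENT: [SD-ID PARAM-NAME="PARAM-VALUE" ...]. This simplified parser does not
# handle a literal "]" escaped inside a parameter value.
_SD_ELEMENT = re.compile(r'\[([^\s\]=]+)((?:\s+[^=\s\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM = re.compile(r'([^=\s]+)="((?:[^"\\]|\\.)*)"')

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_structured_data(sd):
    """Turn the STRUCTURED-DATA field into {sd_id: {param: value}}."""
    if sd == "-":
        return {}
    return {el.group(1): dict(_SD_PARAM.findall(el.group(2)))
            for el in _SD_ELEMENT.finditer(sd)}


def parse_rfc5424(line):
    """Parse one RFC 5424 line into a dict; raises ValueError on malformed input."""
    match = _HEADER.match(line)
    if not match:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(match["pri"])
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    ts = match["timestamp"]
    return {
        "facility": facility,
        "severity": SEVERITY_NAMES[severity],
        # "-" means the sender had no clock; "Z" is normalised for older fromisoformat()
        "timestamp": None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "hostname": match["hostname"],
        "app": match["app"],
        "procid": match["procid"],
        "msgid": match["msgid"],
        "sd": parse_structured_data(match["sd"]),
        "msg": match["msg"] or "",
    }


# Assumed OpenSSH wording; the source address is the correlation key across hosts.
_FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<source>\S+)")


def detect_failed_login_bursts(lines, threshold=3, window_seconds=60):
    """Return (alerts, skipped): one alert per source address that produced at least
    `threshold` failed logins inside any `window_seconds` span, on any reporting host,
    plus the number of lines that could not be parsed (tracked, not silently dropped)."""
    failures = defaultdict(list)  # source -> [(timestamp, hostname, user)]
    skipped = 0
    for line in lines:
        try:
            event = parse_rfc5424(line)
        except ValueError:
            skipped += 1
            continue
        hit = _FAILED_LOGIN.search(event["msg"])
        if hit and event["timestamp"] is not None:
            failures[hit["source"]].append((event["timestamp"], event["hostname"], hit["user"]))

    alerts = []
    for source, attempts in failures.items():
        attempts.sort()  # events arrive out of order at a central collector
        for i in range(len(attempts)):
            j = i
            while j + 1 < len(attempts) and (attempts[j + 1][0] - attempts[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= threshold:
                alerts.append({
                    "source": source,
                    "count": j - i + 1,
                    "hosts": sorted({a[1] for a in attempts[i:j + 1]}),
                    "users": sorted({a[2] for a in attempts[i:j + 1]}),
                    "first": attempts[i][0],
                    "last": attempts[j][0],
                })
                break  # one alert per source is enough for first triage
    return alerts, skipped


# Constructed sample lines as a central collector might receive them from two hosts.
SAMPLE_LOGS = [
    "<38>1 2024-05-01T10:00:01Z web01 sshd 4102 - - Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "<38>1 2024-05-01T10:00:04Z web01 sshd 4102 - - Failed password for root from 203.0.113.7 port 51123 ssh2",
    '<38>1 2024-05-01T10:00:09Z web01 sshd 4102 - [meta seq="3"] Failed password for root from 203.0.113.7 port 51130 ssh2',
    "<38>1 2024-05-01T10:00:12Z web01 sshd 4102 - - Accepted publickey for deploy from 198.51.100.9 port 40022 ssh2",
    "<38>1 2024-05-01T10:05:30Z web02 sshd 7718 - - Failed password for root from 198.51.100.9 port 40100 ssh2",
    "<30>1 2024-05-01T10:06:00Z web02 cron 901 - - (root) CMD (run-parts /etc/cron.hourly)",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    found, bad = detect_failed_login_bursts(SAMPLE_LOGS)
    for alert in found:
        print(f"{alert['source']}: {alert['count']} failures on {alert['hosts']} "
              f"between {alert['first']} and {alert['last']}")
    print(f"unparseable lines: {bad}")
```

Two design points matter for a real deployment: the parser keeps facility and severity as first-class fields so later rules can scope themselves (for example, only `auth` facility events), and the detector counts unparseable lines instead of discarding them, because a sudden rise in malformed input is itself a signal that a sender changed format or that something is tampering with the log stream.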
This course will provide students with hands-on development of practical, real-world log aggregation, analysis, and alerting skills that they can take back to their jobs, adapt, and implement in their own environments. We will use real-world scenarios and provide virtual machines, instruction, and working demos that students can take with them.
Students should have basic familiarity with Linux and Windows and be able to perform basic virtual machine manipulation. We will provide all materials via AWS. Students will need laptops.