1 of 11

Alphabet Soup

Let's secure COSI in the most confusing way possible

2 of 11

WARNING: This presentation will contain a large number of acronyms. I will do my best to explain them.

If you have any questions after this, you can always come up and ask me or someone else who might know what I'm talking about. Or give it a Google and go down the same rabbit hole I have.

Now, let's begin :)

3 of 11

What is a SIEM?

  • SIEM stands for Security Incident Event Management
  • Usually consists of:
    • Collecting and Consolidating Data
    • Picking out notable events
    • Event & Alert Generation
    • Notification and Monitoring
  • Means of organization and monitoring of security events:
    • This is good! 👍
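As an added illustration of those four stages (not part of the original slides): a toy Python pipeline that collects and normalizes sshd log lines, picks out the notable ones (failed logins), generates an alert when one source fails repeatedly, and prints the notification. The log lines, the host name "mirror" and the threshold are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log for a hypothetical host "mirror" (not from the slides).
SAMPLE_LOGS = """\
Mar  3 10:00:01 mirror sshd[4242]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Mar  3 10:00:03 mirror sshd[4243]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar  3 10:00:04 mirror sshd[4244]: Accepted publickey for alice from 203.0.113.5 port 40000 ssh2
Mar  3 10:00:05 mirror sshd[4245]: Failed password for root from 198.51.100.7 port 51004 ssh2
Mar  3 10:00:09 mirror sshd[4246]: Failed password for root from 198.51.100.7 port 51006 ssh2
Mar  3 10:00:11 mirror sshd[4247]: Failed password for root from 198.51.100.7 port 51008 ssh2
Mar  3 10:00:12 mirror CRON[4248]: (root) CMD (run-parts /etc/cron.hourly)
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def collect(raw):
    """Stage 1 (collect/consolidate): parse lines into normalized dicts; unparsed lines are dropped."""
    return [m.groupdict() for m in map(SSHD_RE.match, raw.splitlines()) if m]

def notable(events):
    """Stage 2 (pick notable events): keep only failed logins."""
    return [e for e in events if e["result"] == "Failed"]

def alerts(events, threshold=5, window_s=60):
    """Stage 3 (alert generation): one source failing >= threshold times within window_s seconds."""
    by_src = defaultdict(list)
    for e in notable(events):
        by_src[e["src"]].append(datetime.strptime(e["ts"], "%b %d %H:%M:%S"))
    found = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                found.append({"rule": "ssh_bruteforce", "src": src, "count": len(times)})
                break
    return found

def run(raw=SAMPLE_LOGS):
    """Stage 4 (notification): print what a SIEM console would show and return the alerts."""
    found = alerts(collect(raw))
    for a in found:
        print(f"ALERT {a['rule']}: {a['count']} failed SSH logins from {a['src']}")
    return found
```

The cron line is deliberately unparseable by the sshd pattern to show that the collection stage has to decide what to do with logs it does not understand.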

4 of 11

Why might we want one of these?

  • Help to secure our servers!
    • While we are quite protected within Clarkson's network and resources, having publicly accessible services like mirror might make us want to keep an eye on things.
  • Good practice!
    • For those of us wanting to get into cybersecurity, many companies will use systems like this, or like seeing experience with projects like this
  • It could be fun!!
    • It just seems like a cool project with a variety of ways to approach it and could use a good collaboration of minds

5 of 11

Options for this

6 of 11

ELK STACK

-ELK stands for:

Elasticsearch: JSON-based search and analytics engine

Kibana: User Interface and data aggregator

(and Logstash + Beats)

-Customizable, open source, and has integrations

For more info:

https://www.elastic.co/elastic-stack

7 of 11

Splunk (a Cisco company)

Features:

Alerts based on risk level

Also works alongside a SOAR: Security Orchestration, Automation, and Response

Commonly used in industry with major companies

Integrations with: AWS, Google Cloud, Azure, Kubernetes, MongoDB, and much more

Downsides:

Not fully open source, but does support open source efforts

8 of 11

And now to my favorite option…

9 of 11

THE SECURITY ONION!!!

10 of 11

Security Onion 2

Both free and open source, with large community backing

Includes: network visibility, host visibility, intrusion detection honeypots, log management, and case management.

Uses Snort NIDS/NIPS (network intrusion detection/prevention service)

Has: Alerts, Detections, PCAP, Analyzers, and an overall dashboard

Collects data on: Agents, Alerts, Assets, Extracted content, Full content, Sessions, transactions, and more!

Other Features: Scalability, Open and active community, also available for desktop utilization

11 of 11

Well, that's it for ideas from me.

If you guys have any ideas and ways we can go about it, don't be afraid to share!

Looking for team members to offer a hand as well! So reach out if interested.