Wednesday 24-June-2015 // 6:00 – 9:00 PM
BUILDING: Telus Building
25 York Street, 3rd Floor
(Room 003-031 Spirited Teamwork)
TOPIC: Roll Your Own SIEM with ElasticSearch and Python Machine Learning
SPEAKER: Todd Howe
Your NOC/SOC requires visibility into network conditions in real time to provide a rapid response to a wide range of threat actors, but stock SIEM dashboards and logging solutions may not be an ideal fit for your organization. What to do? Why not roll your own!
Using a combination of basic machine learning tools in Python and the freely available Elasticsearch logging and visualization stack, I’ll show how I was able to assemble a simple proof-of-concept network anomaly dashboard. Afterwards, let’s talk about how the context of your environment impacts your logging and alerting needs.
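The kind of anomaly scoring a proof-of-concept dashboard like this one rests on can be shown without Elasticsearch at all. The following is an added example, not the speaker's code: it takes per-host outbound byte totals (constructed here inline, standing in for what an Elasticsearch terms aggregation over a flow index would return) and flags hosts whose volume is a robust statistical outlier using the modified z-score (median and median absolute deviation), which is less distorted by the outliers themselves than a mean/standard-deviation score. The host addresses, byte counts and the 3.5 threshold are assumptions for illustration.

```python
"""Robust outlier scoring over per-host network volume (added example)."""
from collections import defaultdict
from statistics import median

# Constructed sample flows: (timestamp, src_host, bytes_out). One host,
# 10.0.0.15, is deliberately far noisier than the rest.
SAMPLE_FLOWS = [
    ("2015-06-24T18:00:00", "10.0.0.11", 1200),
    ("2015-06-24T18:00:05", "10.0.0.12", 900),
    ("2015-06-24T18:00:07", "10.0.0.13", 1500),
    ("2015-06-24T18:00:09", "10.0.0.14", 800),
    ("2015-06-24T18:00:12", "10.0.0.15", 50000),
    ("2015-06-24T18:00:15", "10.0.0.16", 2500),
    ("2015-06-24T18:00:20", "10.0.0.11", 1100),
    ("2015-06-24T18:00:22", "10.0.0.12", 1000),
    ("2015-06-24T18:00:25", "10.0.0.13", 1400),
    ("2015-06-24T18:00:30", "10.0.0.14", 1100),
    ("2015-06-24T18:00:33", "10.0.0.15", 45000),
    ("2015-06-24T18:00:40", "10.0.0.11", 1300),
    ("2015-06-24T18:00:44", "10.0.0.14", 1200),
    ("2015-06-24T18:00:50", "10.0.0.15", 60000),
]

# Standard cut-off recommended for the modified z-score (assumption: tune per
# environment; a quieter segment may warrant a lower threshold).
THRESHOLD = 3.5


def bytes_per_host(flows):
    """Sum outbound bytes by source host (what an ES terms/sum agg would give)."""
    totals = defaultdict(int)
    for _, host, nbytes in flows:
        totals[host] += nbytes
    return dict(totals)


def modified_z_scores(values_by_key):
    """Modified z-score 0.6745 * (x - median) / MAD for each key.

    If the MAD is zero (all values identical) only values away from the median
    are treated as anomalous, to avoid division by zero.
    """
    values = list(values_by_key.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scores = {}
    for key, value in values_by_key.items():
        if mad == 0:
            scores[key] = 0.0 if value == med else float("inf")
        else:
            scores[key] = 0.6745 * (value - med) / mad
    return scores


def flag_anomalies(flows, threshold=THRESHOLD):
    """Return hosts whose outbound volume scores above the threshold."""
    scores = modified_z_scores(bytes_per_host(flows))
    return sorted(h for h, s in scores.items() if s > threshold)


if __name__ == "__main__":
    for host, score in sorted(modified_z_scores(bytes_per_host(SAMPLE_FLOWS)).items()):
        print(f"{host:12s} score={score:8.2f}")
    print("flagged:", flag_anomalies(SAMPLE_FLOWS))
```

In a dashboard the per-host totals would come from a periodic Elasticsearch aggregation over a sliding window and the scores would be written back to an index that Kibana visualizes; the scoring itself stays this small.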
TOPIC: Data Stacking: Finding Evil (needle) in the Haystack
SPEAKER: Deepak Nuli, Mandiant
The talk will discuss the tools and techniques used to identify anomalies in log files collected from a large number of endpoints (>10,000 hosts), in order to find malware seen in real-life targeted compromises. The talk will also focus on non-signature-based analysis of several sources of evidence such as services, registry, Windows Shimcache logs, and process listings.
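Data stacking in this sense is a frequency-of-occurrence analysis: the same artefact (a process name plus image path, a service name, a Shimcache entry) is collected from every host, grouped, and the entries seen on the fewest hosts are reviewed first, since malware on a handful of machines is rare by definition across a fleet. The following is an added example, not the speaker's tooling, run over a constructed process listing from eight hypothetical workstations; stacking on the name-and-path pair rather than the name alone is what surfaces the copy of svchost.exe running from an unusual directory.

```python
"""Least-frequency-of-occurrence stacking over process listings (added example)."""
from collections import defaultdict

# Constructed baseline: processes expected on every workstation.
COMMON_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("lsass.exe", r"C:\Windows\System32\lsass.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]
HOSTS = [f"ws-{n:02d}" for n in range(1, 9)]


def build_sample():
    """Assemble (hostname, process_name, image_path) records for the sample fleet."""
    records = [(h, name, path) for h in HOSTS for name, path in COMMON_PROCESSES]
    # Constructed oddity: a process named like a system binary, but running
    # from a user-writable directory on a single host.
    records.append(("ws-07", "SVCHOST.EXE", r"C:\Users\Public\svchost.exe"))
    # Constructed oddity: a legitimate-looking tool present on two hosts only.
    records.append(("ws-02", "7z.exe", r"C:\Program Files\7-Zip\7z.exe"))
    records.append(("ws-05", "7z.exe", r"C:\Program Files\7-Zip\7z.exe"))
    return records


SAMPLE_PROCESSES = build_sample()


def stack_key(record):
    """Stack on (name, path), case-folded: Windows paths are case-insensitive."""
    _, name, path = record
    return (name.lower(), path.lower())


def stack(records, key=stack_key):
    """Group records by key and return the set of hosts each key was seen on."""
    hosts_by_key = defaultdict(set)
    for record in records:
        hosts_by_key[key(record)].add(record[0])
    return {k: sorted(v) for k, v in hosts_by_key.items()}


def rarest(records, max_hosts=1, key=stack_key):
    """Entries seen on at most max_hosts hosts, rarest first (the review queue)."""
    stacked = stack(records, key)
    rows = [(k, hosts) for k, hosts in stacked.items() if len(hosts) <= max_hosts]
    return sorted(rows, key=lambda row: (len(row[1]), row[0]))


if __name__ == "__main__":
    for (name, path), hosts in rarest(SAMPLE_PROCESSES, max_hosts=2):
        print(f"{len(hosts):3d} host(s)  {name:14s} {path}  {hosts}")
```

Stacking by process name only would have folded the rogue svchost.exe into the eight legitimate ones; the same key choice matters for services (name plus binary path) and Shimcache (full path). At fleet scale the host count per key is the only number that has to be computed, so this scales to the >10,000 hosts mentioned above with a single pass over the collected listings.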