June TASK - Realtime Network Threat Intelligence and Visualization

Wednesday 24-June-2015 // 6:00 - 9:00 PM
BUILDING: Telus Building, 25 York Street, 3rd Floor (Room 003-031 Spirited Teamwork)


TOPIC: Roll Your Own SIEM with ElasticSearch and Python Machine Learning
SPEAKER: Todd Howe
Your NOC/SOC requires real-time visibility into network conditions to respond rapidly to a wide range of threat actors, but stock SIEM dashboard and logging solutions may not be an ideal fit for your organization. What to do? Why not roll your own! Using a combination of basic machine learning tools in Python and the freely available Elasticsearch logging and visualization stack, I'll show how I was able to assemble a simple proof-of-concept network anomaly dashboard. Afterwards, let's talk about how the context of your environment affects your logging and alerting needs.

TOPIC: Data Stacking: Finding Evil (needle) in the Haystack
SPEAKER: Deepak Nuli, Mandiant
The talk will discuss the tools and techniques used to identify anomalies in log files collected from a large number of endpoints (>10,000 hosts) in order to find malware seen in real-life targeted compromises. The talk will also focus on non-signature-based analysis of several sources of evidence such as services, registry, Windows Shimcache logs, and process listings.
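As an added illustration of the data stacking idea in the second abstract (example code written for this page, not material from the talk or from Mandiant): count, for each process-listing entry, how many distinct hosts it appears on, and surface the entries seen on only a handful of hosts. The host records below are constructed sample data, and the 5% rarity threshold is an assumed tuning value.

```python
"""Least-frequency-of-occurrence stacking over per-host process listings."""
from collections import defaultdict

# Constructed sample data: one record per running process per host.
# Field order: (hostname, process name, image path)
PROCESS_LISTINGS = [
    ("host01", "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("host01", "explorer.exe", r"C:\Windows\explorer.exe"),
    ("host02", "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("host02", "explorer.exe", r"C:\Windows\explorer.exe"),
    ("host03", "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("host03", "explorer.exe", r"C:\Windows\explorer.exe"),
    ("host03", "svchost.exe", r"C:\Windows\Temp\svchost.exe"),  # familiar name, unusual path
    ("host04", "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("host04", "explorer.exe", r"C:\Windows\explorer.exe"),
    ("host04", "wmiprvse.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
]


def stack(records, key_fields):
    """Return {key: number of distinct hosts on which that key was observed}.

    key_fields selects which record columns make up the stacking key, so the
    same data can be stacked by name alone or by (name, path). Values are
    lower-cased so case differences in paths do not split one entry in two.
    """
    hosts_by_key = defaultdict(set)
    for rec in records:
        host = rec[0]
        key = tuple(rec[i].lower() for i in key_fields)
        hosts_by_key[key].add(host)
    return {key: len(hosts) for key, hosts in hosts_by_key.items()}


def rare_entries(records, key_fields, max_fraction=0.05):
    """Entries present on at most max_fraction of all hosts, rarest first.

    Rarity is not proof of malice: on a large fleet legitimate one-off
    software also lands here, so the output is a review queue, not an alert.
    """
    total_hosts = len({rec[0] for rec in records})
    threshold = max(1, int(total_hosts * max_fraction))
    counts = stack(records, key_fields)
    return sorted((n, key) for key, n in counts.items() if n <= threshold)


if __name__ == "__main__":
    for n, key in rare_entries(PROCESS_LISTINGS, key_fields=(1, 2)):
        print(f"{n} host(s): {key}")
```

Stacking by process name alone would rate svchost.exe as common (present on every host); only stacking on (name, path) isolates the copy running from C:\Windows\Temp.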
