Hunting (and stopping!) threats with Elastic Security
David Pilato discovered the Elasticsearch project in 2011. After contributing to the project and creating open source plugins for it, David joined Elastic, the company, in 2013, where he is a Developer and Evangelist. He also created and still actively manages the French-speaking User Group. At Elastic, he has mainly worked on the Elasticsearch source code, specifically on open-source plugins.
In his free time, he likes talking about Elasticsearch at conferences or in companies (Brown Bag Lunches, AKA BBLs).
He is also the author of the FSCrawler project, which helps index your PDF, OpenOffice, or whatever other documents in Elasticsearch using Apache Tika behind the scenes.
You are a security analyst for your company. The IT team has deployed Elastic agents on your infrastructure, including endpoints, firewalls… Those agents have been collecting logs, metrics and security-related data for months.
One morning, you open Kibana and discover that some alerts have been raised. Is it a real threat?
In this 100% live session, we will discover, step by step, with the free and open Elastic Security solution:
– how to check if it’s a real threat,
– how to block it and stop its propagation,
– how the intrusion was made possible,
– which techniques were used,
– whether data has been exfiltrated.