Incident responder with a large interest in Threat Intelligence, the proper kind with Diamond models and kill chains!
I currently lead a SOC and incident response team covering most of the Danish financial industry....
ElastiMISPStash - Threat data enrichment for the masses!
In today's cyber security world, SIEM vendors charge large amounts of money to enrich your logging information with the "latest" threat intelligence, which, it turns out, is simply open source threat data. The purpose of this talk is to show how to put the SIEM vendors out of business.... No really... It combines MISP as your open source threat intelligence and threat data feed aggregator with ElasticSearch as your open source logging setup. SIEM doesn't have to be expensive or complicated, and it should be obtainable for all!