2019-10-21, 15:00–15:20, Hollenfels
In today's cyber security world, SIEM vendors charge large amounts of money to enrich your logging information with the "latest" threat intelligence, which turns out to be simply open source threat data. The purpose of this talk is to show how to put the SIEM vendors out of business... No really: combine MISP as your open source threat intelligence and threat data feed aggregator with Elasticsearch as your open source logging setup. SIEM doesn't have to be expensive or complicated, and it should be obtainable for all!
The talk covers pulling indicators from the MISP API into memcached with a Python script, then looking them up from Logstash (its memcached filter) so that every incoming log event is checked against the indicator set and enriched with threat data in real time. Memcached is also what makes this scale: each lookup is an in-memory key read, and the setup described runs in a large production environment handling over 100,000 events per second.
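The MISP-to-memcached side of that pipeline, as an added example and not the speaker's own script. It assumes a key convention of `misp:<type>:<value>` (chosen here; MISP prescribes none), values holding compact JSON with the MISP event ids, tags and latest attribute timestamp, and a client with a `set_many(dict, expire=...)` method like `pymemcache.Client`. Only `to_ids` attributes are loaded, since that is MISP's own flag for "safe to alert on", and composite types such as `domain|ip` are split so each half is indexed on its own. The sample attributes are constructed in the shape `/attributes/restSearch` returns and are not real intelligence; `fetch_attributes` shows the real API call but is not exercised offline.

```python
"""Push MISP to_ids attributes into memcached for Logstash lookups.

Added example (not the speaker's code). Assumptions:
  - key convention "misp:<type>:<value>" (ours; Logstash must use the same)
  - value is compact JSON: MISP event ids, tags, newest attribute timestamp
  - client exposes set_many(dict, expire=...) like pymemcache.Client
"""
import json
import time

# Composite MISP attribute types: "value" holds two parts joined by "|".
COMPOSITE_TYPES = {
    "ip-dst|port": ("ip-dst", "port"),
    "ip-src|port": ("ip-src", "port"),
    "domain|ip": ("domain", "ip-dst"),
    "filename|md5": ("filename", "md5"),
    "filename|sha1": ("filename", "sha1"),
    "filename|sha256": ("filename", "sha256"),
}
# Sub-values that are useless as lookup keys on their own.
SKIP_TYPES = {"port", "filename"}
# Types whose values are normalised to lower case so log data matches either way.
CASE_INSENSITIVE = {"md5", "sha1", "sha256", "domain", "hostname"}


def make_key(attr_type, value):
    """Memcached key for one indicator (our key convention, assumed)."""
    value = value.strip()
    if attr_type in CASE_INSENSITIVE:
        value = value.lower()
    return f"misp:{attr_type}:{value}"


def explode(attr):
    """Yield (type, value) pairs for one attribute, splitting composite types."""
    t, v = attr["type"], attr["value"]
    if t in COMPOSITE_TYPES and "|" in v:
        for sub_t, sub_v in zip(COMPOSITE_TYPES[t], v.split("|", 1)):
            if sub_t not in SKIP_TYPES:
                yield sub_t, sub_v
    else:
        yield t, v


def build_entries(attributes):
    """Merge restSearch attributes into {key: payload-dict}; one key per indicator."""
    entries = {}
    for attr in attributes:
        if not attr.get("to_ids", False):  # ignore context-only attributes
            continue
        tags = {tag["name"] for tag in attr.get("Tag", [])}
        for t, v in explode(attr):
            p = entries.setdefault(make_key(t, v),
                                   {"events": [], "tags": [], "timestamp": 0})
            p["events"] = sorted(set(p["events"]) | {int(attr["event_id"])})
            p["tags"] = sorted(set(p["tags"]) | tags)
            p["timestamp"] = max(p["timestamp"], int(attr["timestamp"]))
    return entries


def fetch_attributes(misp_url, api_key, since="1d", verify=True):
    """Pull recent to_ids attributes from a live MISP (network call, not run offline)."""
    import requests  # imported here so the rest of the module runs without it
    r = requests.post(
        misp_url.rstrip("/") + "/attributes/restSearch",
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"},
        json={"returnFormat": "json", "to_ids": 1, "timestamp": since},
        verify=verify, timeout=60,
    )
    r.raise_for_status()
    return r.json()["response"]["Attribute"]


def sync(attributes, client, ttl):
    """Write every indicator with a TTL so entries MISP stops returning expire on their own.
    Keep ttl comfortably longer than the sync interval or indicators blink out between runs."""
    entries = build_entries(attributes)
    client.set_many({k: json.dumps(v, separators=(",", ":")) for k, v in entries.items()},
                    expire=ttl)
    return len(entries)


class FakeMemcached:
    """Minimal stand-in for pymemcache.Client so the example runs offline."""
    def __init__(self):
        self.store = {}

    def set_many(self, values, expire=0):
        deadline = time.time() + expire if expire else None
        for k, v in values.items():
            self.store[k] = (v, deadline)
        return []

    def get(self, key):
        item = self.store.get(key)
        if item is None:
            return None
        value, deadline = item
        if deadline is not None and time.time() > deadline:
            del self.store[key]
            return None
        return value


# Constructed sample in the shape /attributes/restSearch returns (not real intel).
SAMPLE_ATTRIBUTES = [
    {"event_id": "42", "type": "ip-dst", "value": "203.0.113.7", "to_ids": True,
     "timestamp": "1571660000", "Tag": [{"name": "tlp:amber"}]},
    {"event_id": "42", "type": "domain|ip", "value": "Evil.Example|203.0.113.7",
     "to_ids": True, "timestamp": "1571661000",
     "Tag": [{"name": 'misp-galaxy:tool="Cobalt Strike"'}]},
    {"event_id": "43", "type": "md5", "value": "44D88612FEA8A8F36DE82E1278ABB02F",
     "to_ids": False, "timestamp": "1571662000", "Tag": []},
    {"event_id": "44", "type": "ip-dst|port", "value": "198.51.100.9|4444",
     "to_ids": True, "timestamp": "1571663000", "Tag": []},
]

if __name__ == "__main__":
    mc = FakeMemcached()
    print("stored", sync(SAMPLE_ATTRIBUTES, mc, ttl=3600), "keys")
    print(mc.get("misp:ip-dst:203.0.113.7"))
```

On the Logstash side the memcached filter's `get` option takes the same key pattern with sprintf substitution, for instance `get => { "misp:ip-dst:%{[destination][ip]}" => "[threat][misp]" }`, so a hit lands the JSON payload in the event and a miss costs one in-memory read and no field. Running `sync` from cron with a TTL of a few times the interval gives the tail-off the talk relies on: indicators that fall out of MISP's result window disappear from memcached without a delete pass.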