security monitoring using siem null bangalore meet april 2015

35

Security Monitoring using SIEM By: Rishabh Gupta Email: [email protected] Blog: [email protected]

Upload: nu-the-open-security-community

Post on 20-Jul-2015

158 views

Category:

Technology

0 download

Report

Download

Tags:

Embed Size (px):

TRANSCRIPT

Page 1: Security Monitoring using SIEM null bangalore meet april 2015

Security Monitoring using SIEM

By:Rishabh GuptaEmail: [email protected]: [email protected]

mailto:[email protected]

Page 2: Security Monitoring using SIEM null bangalore meet april 2015

Flow of the presentation

• What is Log file ?

• What is Event ?

• What is security monitoring?

• SIEM Architecture

Page 3: Security Monitoring using SIEM null bangalore meet april 2015

What is Log file

Page 4: Security Monitoring using SIEM null bangalore meet april 2015

What is Event ?

Page 5: Security Monitoring using SIEM null bangalore meet april 2015

Each line in above log describes an event

Page 6: Security Monitoring using SIEM null bangalore meet april 2015

What is Monitoring ?

Page 7: Security Monitoring using SIEM null bangalore meet april 2015

What is Security Monitoring ?

Page 8: Security Monitoring using SIEM null bangalore meet april 2015

Page 9: Security Monitoring using SIEM null bangalore meet april 2015

What kind of rule we write in SIEM

• In SIEM we write correlation rules

• For e.g.: Suppose: X is Event 1Y is Event 2

Then we write rules like:

Rule 1: If X is generated after Y within 2 minutes then generate SIEM alert Z

Rule 2: If X is generated 10 times within 1 minutes then generate SIEM alert B

Page 10: Security Monitoring using SIEM null bangalore meet april 2015

How we write a rule ?

We try to understand the pattern of different attacks and then try to convert it into rules

Page 11: Security Monitoring using SIEM null bangalore meet april 2015

Different patterns of attacks

Page 12: Security Monitoring using SIEM null bangalore meet april 2015

Page 13: Security Monitoring using SIEM null bangalore meet april 2015

Page 14: Security Monitoring using SIEM null bangalore meet april 2015

Page 15: Security Monitoring using SIEM null bangalore meet april 2015

Page 16: Security Monitoring using SIEM null bangalore meet april 2015

Page 17: Security Monitoring using SIEM null bangalore meet april 2015

Gartner 2012, 2013, 2014 Magic Quadrant for SIEM Vendors

Page 18: Security Monitoring using SIEM null bangalore meet april 2015

Page 19: Security Monitoring using SIEM null bangalore meet april 2015

Page 20: Security Monitoring using SIEM null bangalore meet april 2015

Page 21: Security Monitoring using SIEM null bangalore meet april 2015

SIEM Architecture

Page 22: Security Monitoring using SIEM null bangalore meet april 2015

Page 23: Security Monitoring using SIEM null bangalore meet april 2015

Splunk Architecture

Page 24: Security Monitoring using SIEM null bangalore meet april 2015

Page 25: Security Monitoring using SIEM null bangalore meet april 2015

ArcSight Architecture

Page 26: Security Monitoring using SIEM null bangalore meet april 2015

Page 27: Security Monitoring using SIEM null bangalore meet april 2015

Alien Vault Architecture

Page 28: Security Monitoring using SIEM null bangalore meet april 2015

Page 29: Security Monitoring using SIEM null bangalore meet april 2015

Qradar Architecture

Page 30: Security Monitoring using SIEM null bangalore meet april 2015

Page 31: Security Monitoring using SIEM null bangalore meet april 2015

Page 32: Security Monitoring using SIEM null bangalore meet april 2015

Elements which are normally present in almost every attack scenario

Page 33: Security Monitoring using SIEM null bangalore meet april 2015

SIEM presents the complete detail of the attack scenario

Page 34: Security Monitoring using SIEM null bangalore meet april 2015

Page 35: Security Monitoring using SIEM null bangalore meet april 2015

Security News Bytes Null Dec Meet Bangalore

Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N

12500 TI Boulevard, MS 8640, Dallas, Texas 75243 PCN ......LM2990T-15/NOPB null LM2990T-5.0 null LM2990T-5.0/NOPB null LM2990T-5.2/NOPB null LM2991S/NOPB null LM2991SX/NOPB null LM2991T/NOPB

(null) - Erika-tanoda · Title (null) Author \(null\) Subject \(null\) Keywords \(null\) Created Date: 4/18/2012 5:40:54 PM

The SIEM Buyer’s Guide for 2020 - The SIEM...The SIEM Buyer's Guide for 2020 1 WHITE PAPER 1. What is a SIEM 2 a. The evolution of a SIEM 3 b. Legacy SIEMs are stuck in the past

SIEM INDUSTRIES

Overview of ISO 27001 [null Bangalore] [Dec 2013 meet]

AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM SAPPHIRE SIEM ... · PDF fileThe vessel is a very large capacity Anchor Handling Tug Supply Vessel ... SIEM AHTS. Engine and

Appendix H. Preliminary Site Investigation (Contamination) · casing_from 0 casing_to 66 casing_type null casing_diameter 100 screen_from null screen_to null screen_type null contractor

Security certifications null meet bangalore april 2015

Null HYD Playing with shodan null

B-trees and Hash Tables Dynamic Indexability and …yike/talks/external-lb-overview.pdfExternal Hashing null null null null null null null 1 21 32 82 64 34 24 55 h(x) = last digit

SIEM Architecture

SIEM-2T/SIEM-2R - Farnell element14 · SIEM-2T/SIEM-2R UHF PLL Mono In Ear Monitoring System 59508-031 1856. ATTENTION Please pay high attention to the following information. Sound

Null Bangalore Meet 18/03/17

SIEM Integration Guide - bomgar.com · BomgarSIEMToolPluginInstallationandAdministration TheSecurityInformationandEventManagement(SIEM)toolpluginforBomgarRemoteSupportenablestheprocessingand

SQL Tuning Briefing Null is not equal to null but null is null

GerminaR: Indices and Graphics for Assess Seed Germination … · 2021. 6. 11. · 6 ger_boxp ylimits = NULL, xrotation = NULL, legend = "top", xtext = NULL, gtext = NULL, opt = NULL)

The CorreLog Approach to SIEM - ww1.prweb.comww1.prweb.com/.../CorreLog_SIEM_Server_Brochure.pdf · the CorreLog SIEM or a number of other SIEM systems. CorreLog’s SIEM Agent has

Netiq Siem(SIEM)

2018 - Siem Offshore · SIEM OFFSHORE INC. ANNUAL REPORT 2018 3. VESSELS IN THE FLEET Platform Supply Vessels (PSV) Siem Pride Siem Symphony Siem Atlas Siem Giant Siem Hanne Siem

null Bangalore meet - Cloud Computing and Security

Globalteer orientation guide Siem Reap · Once in Siem Reap, you can easily find a Siem Reap Angkor Visitors Guide or Siem Reap Drinking and Dining Guide in most hotels, restaurants

MV SIEM Sailor - Welcome to Siem Offshore: Siem … Sailor Page Two Owner Siem Meling Offshore Da Builder Karmsund Maritim Services AS, Karmøy, Norway Built 2007 Design VS 485 CD

Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]

Plus loin avec SQLLagaffe Gaston (null) Prunelle Léon (3 rows) L’affichage(null)estobtenuaveclaméta-commande\pset null (null)dushellpsql. 1.2.4 NULLETLESPRÉDICATS • DansunprédicatduWHERE:

Benchmarking SIEM

Security Target: Trustwave SIEM Enterprise · Trustwave SIEM Enterprise Security Target . Trustwave SIEM Enterprise . Security Target . Version 2.7 . April 11, 2016 . ... comprehensive

of salaries PST... · Ghulam Nabi Mugheri Ghulam Nabi Sabz Ali Chandio Ali Hassan Chandio RAMESH BAHAR I Al Ayas Hussain Pa than null null null null null null null nell null RAWATI

null Bangalore meet Feb 2010 - news Bytes

The SIEM Evaluator’s GuideThe SIEM Evaluator’s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are