Enhancing Traffic Analysis with ELK and Snort
rawSEC Official Monthly Meetup v1 2018
About us
• We are: The Machas, 1Qra’, seTajul clan, Cyber Warrior
• Gold for Project Innovation and Exhibition (PIEx18) – Polytechnic Mersing
• Best Award (SPEx18)
• 2nd Place InterPolytechnic CTF Challenge
• Cyber Heroes
• Cyber Range Academy Conference and Security Day (OWASP) 2017 – Polytechnic Mersing
• Hack@10 – UNITEN
Cyber Security Innovation Awards 2017 (Education)
Agenda
• Introduction
• Overview
• What is the problem?
• Setup
• Installation : Snort integrated with ELK
• The scenario
• Demo by The Machas
• Q & A
Overview
• No visibility
• Are we under attack?
• PCAP, or it didn’t happen
• Packet analysis
• Pishang
Objective 1: Install Snort in the server
• Successfully install Snort on the Ubuntu server
Objective 2: Write ICMP rules
• Configure local.rules to write ICMP rules
Objective 3: Write NMAP rules
• Configure local.rules to write Network Mapper (Nmap) rules on the server
Objective 4: Visibility deployment
• Visualize the alerts through a GUI using the Basic Analysis and Security Engine (BASE)
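The rules behind Objectives 2 and 3, as an added example that is not part of the original slides: a local.rules fragment for ICMP echo requests and for the SYN, NULL and Xmas probes that Nmap sends, embedded in a small Python checker that parses each rule and flags the mistakes that stop Snort from loading the file (missing msg or sid, duplicate sid, sid below the local-rule floor, an option without its closing semicolon). The rule text, messages and SID numbers are my assumptions; the slides do not give the rules themselves.

```python
"""local.rules for Objectives 2 and 3 (ICMP and Nmap detection), embedded as a
string, plus a checker that parses each rule and catches the mistakes that make
Snort refuse to start.  Added example; the rule text and the SID numbers are
assumptions, not the presenters' own rules."""
import re

LOCAL_RULES = r"""
# Objective 2: ICMP echo request (ping) from anywhere into our network
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1; classtype:misc-activity;)

# Objective 3: Nmap-style probes.  nmap -sS sends one SYN per port, so alert
# only after 20 SYNs from one source inside 5 s; flags:S,12 ignores the two
# ECN bits so SYNs from ECN-capable hosts still match.
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap SYN scan"; flags:S,12; flow:stateless; detection_filter:track by_src, count 20, seconds 5; sid:1000002; rev:1; classtype:attempted-recon;)

# nmap -sN (NULL scan): a TCP segment with no flags set never occurs legitimately
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap NULL scan"; flags:0; sid:1000003; rev:1; classtype:attempted-recon;)

# nmap -sX (Xmas scan): FIN, PSH and URG set together
alert tcp any any -> $HOME_NET any (msg:"LOCAL Nmap XMAS scan"; flags:FPU; sid:1000004; rev:1; classtype:attempted-recon;)
"""

# rule header: action proto src sport dir dst dport ( options )
RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def split_options(body):
    """Split 'k:v; k2:v2;' on ';' outside double quotes (a msg or content value
    may contain an escaped ';').  Returns (key, value) pairs in order, because
    options such as content may legitimately repeat."""
    pairs, cur, quoted = [], [], False
    for ch in body:
        if ch == '"' and not (cur and cur[-1] == "\\"):
            quoted = not quoted
        if ch == ";" and not quoted:
            token = "".join(cur).strip()
            if token:
                key, _, val = token.partition(":")
                pairs.append((key.strip(), val.strip()))
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():  # Snort requires every option, the last included, to end in ';'
        raise ValueError("last option is not terminated by ';'")
    return pairs


def parse_rules(text):
    """Parse a rules file into dicts with the header fields plus an options list."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a valid rule header: {line[:50]}")
        rule = m.groupdict()
        rule["options"] = split_options(rule.pop("opts"))
        rule["line"] = lineno
        rules.append(rule)
    return rules


def check_rules(rules):
    """Return human-readable problems; an empty list means the file should load."""
    problems, seen = [], {}
    for r in rules:
        opts = dict(r["options"])
        where = f"line {r['line']}"
        if not opts.get("msg", "").startswith('"'):
            problems.append(f"{where}: msg missing or not quoted")
        if "rev" not in opts:
            problems.append(f"{where}: rev missing")
        sid = opts.get("sid", "")
        if not sid.isdigit():
            problems.append(f"{where}: sid missing")
            continue
        if int(sid) < 1000000:  # 1-999999 are reserved for the official rule sets
            problems.append(f"{where}: sid {sid} is below 1000000 (reserved for official rules)")
        if sid in seen:
            problems.append(f"{where}: sid {sid} duplicates line {seen[sid]}")
        seen.setdefault(sid, r["line"])
    return problems


if __name__ == "__main__":
    parsed = parse_rules(LOCAL_RULES)
    for r in parsed:
        o = dict(r["options"])
        print(f"sid {o['sid']} rev {o['rev']} {r['proto']:<5} {o['msg']}")
    print("problems:", check_rules(parsed) or "none")
```

Drop the rule text into /etc/snort/rules/local.rules, confirm the whole configuration still loads with `sudo snort -T -c /etc/snort/snort.conf -i eth0`, then ping and `nmap -sS` the monitored host from another machine and watch /var/log/snort/alert. For a production sensor the sfportscan preprocessor in snort.conf is the better scan detector; these hand-written rules are the learning exercise the objectives describe.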
What is the problem?
• We are unable to detect attacks on the network
• We are not alerted to attacks on the network
• We cannot see the behavior of an attacker
BE VIGILANT, BE SMART ☺
The setup
Snort
• Install Snort pre-requisites
• Install DAQ (Snort's Data Acquisition library; Snort does not build without it)
• Install Snort
• Write rules
• Install Barnyard2
• Install PulledPork
• Install BASE
ELK
• Install ELK pre-requisites
• Install Nginx
• Install Kibana
• Install Elasticsearch
• Install Filebeat and Packetbeat
• Install Logstash
Installation : Snort integrated with ELK
Why do you need ELK
• Visibility
• Real-time traffic
• Analysis
Analysis: how can it help you?
• Detecting attacks
• Enforcing policies
• Providing an audit trail
Why Snort
• Snort is configurable
• Snort is free
• Snort runs on multiple platforms
• Snort is constantly updated
Scenarios
• Nmap scanning?
• Fingerprinting
• Banner grabbing
• Ping?
• Again, visibility
How Snort IDS monitoring works
In this example, the Snort intrusion detection system (IDS) has been installed and configured on a machine placed inside the LAN between the firewall and the router, so it sees the traffic passing between the Internet (where the intruders are) and the clients on the internal network.
[Diagram: Internet / Intruders → Firewall → Snort IDS → Router → Internal Network / Client]
Benefit of visibility
• To keep the network defense strong
• Ability to see the behavior inside the traffic
• To deliver data speed and efficiency
DEMO
Follow us on :
https://www.facebook.com/CyberRangeAcademy/
https://www.linkedin.com/company/13448716/
https://twitter.com/cyberrangeacad?lang=en
THANK YOU.
BE VIGILANT, BE SMART
