SlideShare a Scribd company logo

Zentral london mac_ad_uk_2017

Henry Stamerjohann
Henry Stamerjohann

Zentral is a framework to gather, process, and monitor system events and link them to an inventory.

Technology
1 of 85
Download to read offline
journeys from logging towards manage clients for incident response zentral
@head_min Henry Stamerjohann consultant, systems engineer Apfelwerk GmbH & Co. KG, Germany whoami
where are we going • logging • events • tools • zentral ?
• central • centrally • pivotal • polar [zen-t-ral], adj.zentral
open source tool to gather, process, and monitor events
basics
Client management Events Computer Admin Filter Action Tools log controlaudit
aggregate system state, logs, and enforce management
collect records, store event data • system • user • applications logging
• know about errors • early warning of suspicious activity • evidence to find what went wrong • reduce event data with filtering • aggregate/forward logs from multiple sources logging
• examine system.log & other log files • Apple System Logging facility (ASL), Syslog APIs • error or status events • system processes logging (pre Sierra)
tools like tail, grep for keyword search
syslog NOTE: Most system logs have moved to a new logging system. See log(1) for more information.
• new Unified Logging • very little goes to system.log file now • new Console.app and command line tool "log" • logs stored in a compressed binary format • different persistent settings configurable logging (in Sierra)
log shipping not (yet) implemented
why ?
events are everything, and everything is events
Google Santa
• binary black-/whitelisting system for macOS • keeps track of binaries in macOS • event logging (hint: log aggregation) • local-only rules or sync with server • developed by Google https://github.com/ google/santa Google Santa
• client mode MONITOR • client mode LOCKDOWN (defaults deny) • WhitelistRegex/BlacklistRegex for paths • Zentral is a log & configuration server for Santa Google Santa
full audit trail on binary executions
osquery
• ask questions about infrastructure • query system state with simple SQL syntax • low-level operating system analytics • multi platform support (mac, linux, windows) • developed by Facebook https://osquery.io osquery
• distributed queries • file integrity monitoring • osquery Packs • import as feeds to Zentral • Zentral is a log & configuration server for osquery osquery
customize audit trail
• log data aggregated from infrastructure • traditional log collection (modernized aproach) • shipped to Logstash, ingested by Zentral • multi platform support (mac, linux, windows) • Logstash, Beats by Elastic https://elastic.co ELK / Logstash + Beats
• Logstash ecosystem available • ElasticSearch is the datastore for events in Zentral • Kibana is used for event visualization • full ELK stack is integrated in Zentral ELK / Logstash + Beats
centralized log events from infrastucture
• robust infrastructure monitoring • traditional server monitoring • uptime, downtime, and performance • Nagios instances push host & service events to Zentral (event handlers) Nagios / Icinga
infrastructure state monitoring
Inventory
Inventory to link events with clients • multiple inventory sources • background sync • push / pull
Push inventory Pull inventory Munki osquery Santa Zentral ?
ActionsEvents gather, process, and monitor events
Actions Email Events osquery Santa Munki gather, process, and monitor events
Configuration osquery Santa Munki osquery Santa Inventory Munki Munki Events osquery Santa gather, process, and monitor events Email Actions
Zentral is a open hub for your deployed tools
Demo Objective: connect inventory to Zentral Inventory Events
Scenario • Filebeat log shipping already configured • configure and use Jamf Webhooks • create Events Probe w/ filter • inspect client events & server logs
scope of work goes beyond a single host there are tons of engineering and security considerations Summary • Jamf Pro connects with Zentral • Jamf Webhooks push events to Zentral • Filebeat aggregates logfile data from JSS • Probe filters scope to specific events
combine endpoint events & server logs
Munki: • Munki events from endpoints • Logfile from MunkiRepo web-server Jamf Pro: • Logfiles from Jamf distribution points Variations
Probes
Probes are • filters • configuration • actions
Demo Objective: osquery audit / compliance Events Configuration Actions
Scenario • remove MDM profile • osquery Probe for change detection • automate remediation • review event history
Summary • osquery detect config change on client • Probe is triggered back by osquery • Jamf group change action trigger by Zentral • Jamf policy scoped for mitigation, re-installs MDM profile
audit trail for management frameworks
Incident response
the quality of response can make a difference • find weak spots • search for more information • not only focus on things that are broken • look also at the big picture • review change events over time because incidents happen…
@llauren To protect ourselves against the incompetent and the malignant… Be a sysadmin. What a life.
Demo Objective: Control privileged accounts Events Configuration Actions
Scenario • User with admin privileges • Santa in LOCKDOWN mode • binary execution: defaults deny
Summary • Santa config controlled by Zentral • Santa blocks unknown binaries by default • developer tools are usable and behave well • admin privileges with security belt
control and monitor endpoints
Client Enrollment • Settings • download .pkg
Zentral
combine powerful existing tools to meet your operational requirements
deployment
simple Zentral all-in-one • Amazon AWS (prod. / eval.) • GoogleCloudServices (prod. / eval.) • Vagrant box (evaluation) • VMware .ova (evaluation) • docker-compose (dev. / eval.) deployment
support options
(free) community support via github paid support contract on request: dev@zentral.io • SaaS (cloud based service) • professional services, custom development • integration support (on premise) • Munki manifests management (on request) support options
info & doku
GitHub: https://github.com/zentralopensource Website: https://zentral.io Tutorials: goo.gl/qsIVkl Ebook: https://leanpub.com/zentral info & doku
We run 1/2 day workshops at some MacAdmin meetups in Europe during Q1/Q2 2017 talk to us workshops
thank you !
Q & A
Zentral london mac_ad_uk_2017

Recommended

Zentral presentation MacAdmins meetup Univ. Utah
Zentral presentation MacAdmins meetup Univ. Utah Zentral presentation MacAdmins meetup Univ. Utah
Zentral presentation MacAdmins meetup Univ. Utah Henry Stamerjohann
 
Zentral macaduk conf 2016
Zentral macaduk conf 2016Zentral macaduk conf 2016
Zentral macaduk conf 2016Henry Stamerjohann
 
PyCon 2019 - A Snake in the Bits: Security Automation with Python
PyCon 2019 - A Snake in the Bits: Security Automation with PythonPyCon 2019 - A Snake in the Bits: Security Automation with Python
PyCon 2019 - A Snake in the Bits: Security Automation with PythonMoses Schwartz
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoDamien Dallimore
 
Google Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixGoogle Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixMax Kuzkin
 
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm
 
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Tom Kerkhove
 
Designing an API for the Internet of Things
Designing an API for the Internet of ThingsDesigning an API for the Internet of Things
Designing an API for the Internet of ThingsKevin Swiber
 

Recommended

Zentral presentation MacAdmins meetup Univ. Utah
Zentral presentation MacAdmins meetup Univ. Utah Zentral presentation MacAdmins meetup Univ. Utah
Zentral presentation MacAdmins meetup Univ. Utah Henry Stamerjohann
 
Zentral macaduk conf 2016
Zentral macaduk conf 2016Zentral macaduk conf 2016
Zentral macaduk conf 2016Henry Stamerjohann
 
PyCon 2019 - A Snake in the Bits: Security Automation with Python
PyCon 2019 - A Snake in the Bits: Security Automation with PythonPyCon 2019 - A Snake in the Bits: Security Automation with Python
PyCon 2019 - A Snake in the Bits: Security Automation with PythonMoses Schwartz
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoDamien Dallimore
 
Google Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixGoogle Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixMax Kuzkin
 
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite Talk
StackStorm Product Highlights - DevOps Enterprise 2014 After-Party Ignite TalkStackStorm
 
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Tom Kerkhove
 
Designing an API for the Internet of Things
Designing an API for the Internet of ThingsDesigning an API for the Internet of Things
Designing an API for the Internet of ThingsKevin Swiber
 
SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunk
 
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...Nagios
 
Stabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out CeilometerStabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out CeilometerPradeep Kilambi
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
Monitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudMonitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudDatadog
 
Splunk
SplunkSplunk
SplunkKnoldus Inc.
 
OpenStack Ceilometer
OpenStack CeilometerOpenStack Ceilometer
OpenStack Ceilometeropenstackindia
 
Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017Henry Stamerjohann
 
Windows iot barone
Windows iot baroneWindows iot barone
Windows iot baroneDotNetCampus
 
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...Karl Ots
 
Real-time data analysis using ELK
Real-time data analysis using ELKReal-time data analysis using ELK
Real-time data analysis using ELKJettro Coenradie
 
REST APIs for the Internet of Things
REST APIs for the Internet of ThingsREST APIs for the Internet of Things
REST APIs for the Internet of ThingsMichael Koster
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...Amazon Web Services
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alertingTobias Schmidt
 
Samza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInSamza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInC4Media
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Cloud Native Apps SF
 
AWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFxAWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFxSignalFx
 
Ceilometer + Heat = Alarming
Ceilometer + Heat = Alarming Ceilometer + Heat = Alarming
Ceilometer + Heat = Alarming Nicolas (Nick) Barcet
 
Scalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at PinterestScalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at PinterestKrishna Gade
 
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015Datadog
 
RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)Olesya Shelestova
 
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward
 

More Related Content

What's hot

SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunk
 
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...Nagios
 
Stabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out CeilometerStabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out CeilometerPradeep Kilambi
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
Monitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudMonitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudDatadog
 
Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017Henry Stamerjohann
 
Windows iot barone
Windows iot baroneWindows iot barone
Windows iot baroneDotNetCampus
 
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...Karl Ots
 
Real-time data analysis using ELK
Real-time data analysis using ELKReal-time data analysis using ELK
Real-time data analysis using ELKJettro Coenradie
 
REST APIs for the Internet of Things
REST APIs for the Internet of ThingsREST APIs for the Internet of Things
REST APIs for the Internet of ThingsMichael Koster
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...Amazon Web Services
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alertingTobias Schmidt
 
Samza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInSamza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInC4Media
 
AWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFxAWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFxSignalFx
 
Scalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at PinterestScalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at PinterestKrishna Gade
 
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015Datadog
 

What's hot (20)

SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security Ninjitsu
 
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
Nagios Conference 2014 - Konstantin Benz - Monitoring Openstack The Relations...
 
Stabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out CeilometerStabilizing the Jenga tower: Scaling out Ceilometer
Stabilizing the Jenga tower: Scaling out Ceilometer
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStorm
 
Monitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudMonitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloud
 
Splunk
SplunkSplunk
Splunk
 
OpenStack Ceilometer
OpenStack CeilometerOpenStack Ceilometer
OpenStack Ceilometer
 
Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017Zentral - what's new? - MacDevOps:YVR 2017
Zentral - what's new? - MacDevOps:YVR 2017
 
Windows iot barone
Windows iot baroneWindows iot barone
Windows iot barone
 
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
 
Real-time data analysis using ELK
Real-time data analysis using ELKReal-time data analysis using ELK
Real-time data analysis using ELK
 
REST APIs for the Internet of Things
REST APIs for the Internet of ThingsREST APIs for the Internet of Things
REST APIs for the Internet of Things
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda – Da...
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alerting
 
Samza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInSamza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedIn
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion
 
AWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFxAWS Loft Talk: Behind the Scenes with SignalFx
AWS Loft Talk: Behind the Scenes with SignalFx
 
Ceilometer + Heat = Alarming
Ceilometer + Heat = Alarming Ceilometer + Heat = Alarming
Ceilometer + Heat = Alarming
 
Scalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at PinterestScalable and Reliable Logging at Pinterest
Scalable and Reliable Logging at Pinterest
 
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015
 

Similar to Zentral london mac_ad_uk_2017

RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)Olesya Shelestova
 
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward
 
All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!Xavier Mertens
 
ADDO Open Source Observability Tools
ADDO Open Source Observability Tools ADDO Open Source Observability Tools
ADDO Open Source Observability Tools Mickey Boxell
 
Cashing in on logging and exception data
Cashing in on logging and exception dataCashing in on logging and exception data
Cashing in on logging and exception dataStackify
 
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended EventsSQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Eventssqlserver.co.il
 
Itsummit2015 blizzard
Itsummit2015 blizzardItsummit2015 blizzard
Itsummit2015 blizzardkevin_donovan
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Monitoring Oracle SOA Suite - UKOUG Tech15 2015
Monitoring Oracle SOA Suite - UKOUG Tech15 2015Monitoring Oracle SOA Suite - UKOUG Tech15 2015
Monitoring Oracle SOA Suite - UKOUG Tech15 2015C2B2 Consulting
 
Monitoring Oracle SOA Suite
Monitoring Oracle SOA SuiteMonitoring Oracle SOA Suite
Monitoring Oracle SOA SuiteC2B2 Consulting
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive securityScott Behrens
 
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...DataScienceConferenc1
 
Sybase BAM Overview
Sybase BAM OverviewSybase BAM Overview
Sybase BAM OverviewXu Jiang
 
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...NETWAYS
 
Automate: The Globus Vision (GlobusWorld Tour - UMich)
Automate: The Globus Vision (GlobusWorld Tour - UMich)Automate: The Globus Vision (GlobusWorld Tour - UMich)
Automate: The Globus Vision (GlobusWorld Tour - UMich)Globus
 
MacSysAdmin Conference 2019 - Logging
MacSysAdmin Conference 2019 - Logging MacSysAdmin Conference 2019 - Logging
MacSysAdmin Conference 2019 - Logging Henry Stamerjohann
 
A Taste of Monitoring and Post Mortem Debugging with Node
A Taste of Monitoring and Post Mortem Debugging with Node A Taste of Monitoring and Post Mortem Debugging with Node
A Taste of Monitoring and Post Mortem Debugging with Node ibmwebspheresoftware
 

Similar to Zentral london mac_ad_uk_2017 (20)

RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)
 
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
 
All your logs are belong to you!
All your logs are belong to you!All your logs are belong to you!
All your logs are belong to you!
 
All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!All Your Security Events Are Belong to ... You!
All Your Security Events Are Belong to ... You!
 
ADDO Open Source Observability Tools
ADDO Open Source Observability Tools ADDO Open Source Observability Tools
ADDO Open Source Observability Tools
 
Cashing in on logging and exception data
Cashing in on logging and exception dataCashing in on logging and exception data
Cashing in on logging and exception data
 
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended EventsSQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
 
Itsummit2015 blizzard
Itsummit2015 blizzardItsummit2015 blizzard
Itsummit2015 blizzard
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
 
Monitoring Oracle SOA Suite - UKOUG Tech15 2015
Monitoring Oracle SOA Suite - UKOUG Tech15 2015Monitoring Oracle SOA Suite - UKOUG Tech15 2015
Monitoring Oracle SOA Suite - UKOUG Tech15 2015
 
Monitoring Oracle SOA Suite
Monitoring Oracle SOA SuiteMonitoring Oracle SOA Suite
Monitoring Oracle SOA Suite
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive security
 
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
 
Sybase BAM Overview
Sybase BAM OverviewSybase BAM Overview
Sybase BAM Overview
 
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
Nagios Conference 2007 | Enterprise Application Monitoring with Nagios by Jam...
 
Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
 
Automate: The Globus Vision (GlobusWorld Tour - UMich)
Automate: The Globus Vision (GlobusWorld Tour - UMich)Automate: The Globus Vision (GlobusWorld Tour - UMich)
Automate: The Globus Vision (GlobusWorld Tour - UMich)
 
Redundant devops
Redundant devopsRedundant devops
Redundant devops
 
MacSysAdmin Conference 2019 - Logging
MacSysAdmin Conference 2019 - Logging MacSysAdmin Conference 2019 - Logging
MacSysAdmin Conference 2019 - Logging
 
A Taste of Monitoring and Post Mortem Debugging with Node
A Taste of Monitoring and Post Mortem Debugging with Node A Taste of Monitoring and Post Mortem Debugging with Node
A Taste of Monitoring and Post Mortem Debugging with Node
 

More from Henry Stamerjohann

JamfNation Roadshow Frankfurt-2019 - Security & Business Intelligence
JamfNation Roadshow Frankfurt-2019 - Security & Business IntelligenceJamfNation Roadshow Frankfurt-2019 - Security & Business Intelligence
JamfNation Roadshow Frankfurt-2019 - Security & Business IntelligenceHenry Stamerjohann
 
Google Santa In-Depth - a macOS security & logging tool
Google Santa In-Depth - a macOS security & logging toolGoogle Santa In-Depth - a macOS security & logging tool
Google Santa In-Depth - a macOS security & logging toolHenry Stamerjohann
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Henry Stamerjohann
 
Zentral combine power of osquery_santa
Zentral combine power of osquery_santaZentral combine power of osquery_santa
Zentral combine power of osquery_santaHenry Stamerjohann
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartHenry Stamerjohann
 

More from Henry Stamerjohann (6)

JamfNation Roadshow Frankfurt-2019 - Security & Business Intelligence
JamfNation Roadshow Frankfurt-2019 - Security & Business IntelligenceJamfNation Roadshow Frankfurt-2019 - Security & Business Intelligence
JamfNation Roadshow Frankfurt-2019 - Security & Business Intelligence
 
Google Santa In-Depth - a macOS security & logging tool
Google Santa In-Depth - a macOS security & logging toolGoogle Santa In-Depth - a macOS security & logging tool
Google Santa In-Depth - a macOS security & logging tool
 
Zentral QueryCon 2018
Zentral QueryCon 2018Zentral QueryCon 2018
Zentral QueryCon 2018
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018
 
Zentral combine power of osquery_santa
Zentral combine power of osquery_santaZentral combine power of osquery_santa
Zentral combine power of osquery_santa
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / Quickstart
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Zentral london mac_ad_uk_2017