Discovering Security Events of Interest Using Splunk
- Carrie Roberts-Master's Degree Candidate
- Friday, December 13th, 8:15pm - 8:55pm
Master's Degree Presentation
Security events of interest can be discovered by analyzing several different sources of machine data, including logs. Applications and the servers they run on contain many valuable logs which detail the events that have occurred on them. By analyzing and correlating this data, important information about the attacks against these systems can be discovered. Splunk is a powerful tool for analyzing such data. It provides a high-performance solution for analyzing large amounts of unstructured data from multiple sources. This presentation includes a description of Splunk software features and architecture. Methods for setting up a Splunk server and forwarding data to it from multiple sources are included. Example searches and the use of pre-built add-on functionality are given. It is a concise, comprehensive guide for deploying and using a centralized system for intelligence gathering, with a focus on detecting security events of interest.
Speaker Bio: Carrie Roberts is a Web Application Developer for Hewlett-Packard. She became interested in security through her work with penetration testing on production systems. She focuses her efforts on ensuring that software development is done with security in mind and works closely with the operations team to monitor systems. Carrie is a candidate in the Master of Science in Information Security Degree Program of SANS Technology Institute, and holds several GIAC Certifications.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Thursday, December 12
|General Session - Welcome to SANS||Dr. Eric Cole||Thursday, December 12th, 8:15am - 8:45am||Special Events|
|Building a Security Program that Protects an Organization's Most Critical Assets – A Different Approach||Robert Eggebrecht, President and CEO, BEW Global||Thursday, December 12th, 12:30pm - 1:15pm||Lunch and Learn|
|SANS Technology Institute Open House||Alan Paller, President of the SANS Technology Institute||Thursday, December 12th, 6:00pm - 7:15pm||Special Events|
|APT: It is Time to Act||Dr. Eric Cole||Thursday, December 12th, 7:15pm - 9:15pm||Keynote|
Friday, December 13
|Vendor Solutions Expo||—||Friday, December 13th, 12:00pm - 1:30pm||Vendor Event|
|Vendor Solutions Expo||—||Friday, December 13th, 5:00pm - 7:00pm||Vendor Event|
|Windows Exploratory Surgery with Process Hacker||Jason Fossen||Friday, December 13th, 7:15pm - 8:45pm||SANS@Night|
|Have no fear - DFIR is here!||Rob Lee, Chad Tilbury, Alissa Torres, and Lenny Zeltser||Friday, December 13th, 7:15pm - 8:45pm||SANS@Night|
|A Predictive Security Model Using Bayesian Networks||Dan Lyon-Master's Degree Candidate||Friday, December 13th, 7:15pm - 7:55pm||Special Events|
|Discovering Security Events of Interest Using Splunk||Carrie Roberts-Master's Degree Candidate||Friday, December 13th, 8:15pm - 8:55pm||Special Events|
|Active Deception to Augment Intrusion Detection||Josh Johnson- Master's Degree Candidate||Friday, December 13th, 8:15pm - 8:55pm||Special Events|
Saturday, December 14
|Fortinet Next Generation Firewalls||Justin Kallhoff, CEO Infogressive||Saturday, December 14th, 12:30pm - 1:15pm||Lunch and Learn|
|The Power of Lossless Packet Capture (1G-100G) & Real-time Netflow||Andrew Weisman – Senior Sales Engineer, Emulex||Saturday, December 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Continuous Ownage: Why you Need Continuous Monitoring||Eric Conrad and Seth Misenar||Saturday, December 14th, 7:15pm - 8:15pm||SANS@Night|
|Booting a Write-blocked Drive to a VM Using Linux (Ubuntu)||Carlos Cajigas||Saturday, December 14th, 7:15pm - 8:15pm||SANS@Night|
|An Introduction to PowerShell for Security Assessments||James Tarala||Saturday, December 14th, 8:15pm - 9:15pm||SANS@Night|
|Closing the Door on Web Shells||Anuj Soni||Saturday, December 14th, 8:15pm - 9:15pm||SANS@Night|
Sunday, December 15
|NetWars Tournament of Champions||Yori Kvitchko||Sunday, December 15th, 6:30pm - 9:30pm||Special Events|
|GIAC Program Overview||Jeff Frisk||Sunday, December 15th, 7:15pm - 8:15pm||Special Events|
|Who's Watching the Watchers?||Mike Poor||Sunday, December 15th, 7:15pm - 8:15pm||SANS@Night|
|Security Onion: Installed and Now What?||Chris Mohan||Sunday, December 15th, 7:15pm - 8:15pm||SANS@Night|
|Sharing Without Borders: Attacking and Testing SharePoint||Kevin Johnson||Sunday, December 15th, 8:15pm - 9:15pm||SANS@Night|
|Hacking Back, Active Defense, and Internet Tough Guys||John Strand||Sunday, December 15th, 8:15pm - 9:15pm||SANS@Night|
|Privacy and Peace of Mind While Accessing the Internet Via a Free/Public Access Point Through the Use of Your Very Own SOHO VPN Server. Easy as Pie... Raspberry Pi.||Eric Jodoin - STI Master's Degree Candidate||Sunday, December 15th, 8:15pm - 8:55pm||Special Events|
Monday, December 16
|SANS Presents: People Who Made a Difference In Security in 2013||Alan Paller||Monday, December 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Targeted, Wire-speed Yara Analysis for Real-time Malware Prevention||Mike Nichols, Technical Product Manager||Monday, December 16th, 12:30pm - 1:15pm||Lunch and Learn|
|NetWars Tournament of Champions||Yori Kvitchko||Monday, December 16th, 6:30pm - 9:30pm||Special Events|
|Effective Phishing that Employees Like||Lance Spitzner||Monday, December 16th, 7:15pm - 8:15pm||SANS@Night|
|New School Forensics: Latest Tools and Techniques in Memory Analysis||Chad Tilbury||Monday, December 16th, 7:15pm - 8:15pm||SANS@Night|
|Securing The Kids||Lance Spitzner||Monday, December 16th, 8:15pm - 9:15pm||SANS@Night|