SOF-ELK(R): A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operations

  • Tuesday, 05 Mar 2019 1:00PM EST (05 Mar 2019 18:00 UTC)
  • Speaker: Philip Hagen

The slides for this webcast will not be made available.

There is no shortage of digital evidence, with many DFIR and Security Operations teams handling terabytes of log and network data per week. This amount of data presents unique challenges, and many tools are simply inadequate at such a large scale. Commercial platforms that are up to the task are often far out of budgetary reach for small- and medium-sized organizations.

The Elastic Stack, a big data storage and analysis platform, has become increasingly popular due to its scalability and open-source components. Countless investigative and security teams have incorporated Elastic into their toolkits, often realizing the significant level of effort required to customize and manage such a powerful tool. To overcome some of these hurdles, the SOF-ELK platform was created. SOF-ELK aims to be an appliance-like virtual machine that is preconfigured to ingest and parse several hundred different types of log entries, as well as NetFlow data. The intent is to provide analysts and investigators with a tool that leverages the power of the Elastic Stack with minimal setup time and effort. Originally a part of the SANS FOR572, Advanced Network Forensics & Threat Hunting course, SOF-ELK has been incorporated into additional SANS courses and is released as a free and open-source platform for the overall security community.

In this webcast, we will explore SOF-ELK's use cases, the types of log data currently supported, and how to load data from live or archived sources. We will also show the various dashboards supplied with the VM and show how new features can be activated through the project's GitHub repository.