Automated Infrastructure Security Monitoring using FOSS


For most network engineers who monitor the perimeter for malicious content, having to crunch through all the logs that the various devices (firewalls, routers, security appliances, etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. As I have experienced as part of the internal DevOps and Incident Response Teams, I discuss how to create a space for interested folks to design, build, customise and deploy their very own FOSS-based centralised visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.

Live, Online