For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. Even with the solutions already available in the market.
As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customize and deploy their very own FOSS based centralized visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.
“All set for our Ninja Level Infrastructure Monitoring workshop @Defcon 24” https://t.co/JQ9vMglQ39— Madhu Akula (@madhuakula) August 2, 2016
cc: @riyazwalikar @appseccouk