Overview
Explore the Linux Audit daemon (auditd) and Elastic's Auditbeat in this 46-minute Hack in Paris conference talk. Learn how to collect, centralize, and visualize audit records for enhanced security. Discover techniques for detecting changes to critical files, identifying potential security policy violations, and correlating auditd events with other logs. Gain insights into interactive dashboards that surface changes, events, and potential security breaches as they happen. Follow along with live demonstrations covering Ubuntu audit reports, configuration of audit rules, and practical example rules. Delve into topics such as SSH login attempts, user activity monitoring, reads of /etc/passwd, process executions, file integrity checks, and machine learning applications in security. Explore the integration with AWS S3 and learn about data management strategies for maintaining a robust security posture.
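As an added example that is not part of the talk or of the Auditbeat project, the rule set below covers the topics the overview lists (reads of /etc/passwd and /etc/shadow, changes to the SSH daemon configuration, process executions by logged-in users) in the syntax of an /etc/audit/rules.d/*.rules file, and then filters a constructed sample of /var/log/audit/audit.log lines by rule key the way `ausearch -k` would. The file name hip.rules, the sample log lines, and the key names are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): auditd rules plus a key-based filter over
# constructed audit.log lines. Everything here is stand-alone and touches no
# real audit subsystem.

# Contents of a hypothetical /etc/audit/rules.d/hip.rules.
AUDIT_RULES='
## Delete existing rules, raise the kernel backlog, report lost events on the console
-D
-b 8192
-f 1
## Reads/writes/attribute changes of the identity files (key: identity)
-w /etc/passwd -p rwa -k identity
-w /etc/shadow -p rwa -k identity
## Writes to the SSH daemon and PAM configuration (keys: sshd_config, pam)
-w /etc/ssh/sshd_config -p wa -k sshd_config
-w /etc/pam.d/ -p wa -k pam
## Every execve by a real logged-in user; auid 4294967295 means "unset" (daemons)
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k exec
-a always,exit -F arch=b32 -S execve -F auid>=1000 -F auid!=4294967295 -k exec
## Lock the rule set until the next reboot
-e 2
'

# Constructed sample of audit.log records (not captured from a real host).
SAMPLE_LOG='type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="identity"
type=PATH msg=audit(1700000000.101:201): item=0 name="/etc/passwd" inode=1234 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1700000000.222:202): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=0 comm="bash" exe="/usr/bin/bash" key="exec"
type=SYSCALL msg=audit(1700000000.333:203): arch=c000003e syscall=257 success=no exit=-13 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="identity"
type=PATH msg=audit(1700000000.333:203): item=0 name="/etc/shadow" inode=1235 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000000.444:204): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=1001 comm="vim" exe="/usr/bin/vim" key="sshd_config"'

# count_key KEY: number of SYSCALL records tagged with KEY (roughly `ausearch -k KEY | grep SYSCALL`).
count_key() {
  printf '%s\n' "$SAMPLE_LOG" | grep -c "type=SYSCALL .* key=\"$1\""
}

# denied_reads: login uids whose access to an identity file was refused (success=no),
# a cheap signal of an unprivileged user probing /etc/shadow.
denied_reads() {
  printf '%s\n' "$SAMPLE_LOG" | grep 'key="identity"' | grep 'success=no' \
    | sed -n 's/.* auid=\([0-9]*\) .*/\1/p'
}

# rule_count: active rule lines in the rules file (comments and blank lines skipped),
# useful to compare against `auditctl -l` after loading.
rule_count() {
  printf '%s\n' "$AUDIT_RULES" | grep -c '^-'
}

# Stand-alone demo: write the rules where augenrules would read them from a real host.
printf '%s\n' "$AUDIT_RULES" > ./hip.rules
echo "rules: $(rule_count), identity hits: $(count_key identity), denied by auid: $(denied_reads)"
```

Two caveats a practitioner would want: watching /etc/passwd with `-p r` fires on almost every process start (NSS lookups), so in production the read watch is usually dropped or filtered by `-F auid`, and `-e 2` makes the rules immutable, so a later change to the file needs a reboot to take effect.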
Syllabus
Intro
Security incidents
Questions
General Architecture
Live Demonstration
Ubuntu Audit Report
Ubuntu Audit Rules
Example Rules
Auditd
Elastic
ELK
Auditd module
Filebeat
Kibana
Auditbeat
Overview
Auditd configuration
SSH login attempts
User login
Passwd Read
Discover
User Nurse
Executions
Secret Text
Power Abuse
Website
Index
Emoji
Website Vandalism
File Integrity
File Integrity Overview
File Integrity Support
Dashboards
Machine Learning
AWS S3
Lego
Oddness
Dashboard
Stickers
Light
Photo
Containers
System Oddity
Data Management
Security
Taught by
Hack in Paris