Security Logging Use Cases: Building an Open-Source SIEM

Explore the intricacies of building an open-source Security Information and Event Management (SIEM) system in this 33-minute conference talk by Jonah Kowall from Logz.io. Dive into the world of security logging use cases, learning how to leverage Fluentd and Fluent Bit for effective threat detection and analysis. Discover the challenges of data collection and scale in SIEM systems, and gain insights into parsing diverse security data sources. Examine real-world examples of data collection systems used to consolidate security information into an open-source SIEM. Understand how extracting metrics from logs with Fluentd can enhance your organization's security posture. Explore the EFK Stack's role in log analytics, including collection, indexing, and storage processes. Learn about the centralized approach of SIEM for collection, enrichment, and analysis, while considering future trends in edge computing for faster action and reduced data volumes. Gain valuable knowledge on SIEM use cases, market dynamics, open-source options, data types, collection methods, parsing, schemas, enrichment, ingestion, storage, correlation techniques, incident identification, and workflow management to build your own SIEM system.