Abstract: This talk was a continuation of the discussion started in February where we will overview how machine learning in Elastic X-Pack can be used to analyze data from a data lake help the SOC (Security Operations Center) and Threat Hunting teams find malicious actors in their environment. We will demonstrate how easy it is to pivot through data and start to expand the information we have around the compromise.
Geoff presented a demo similar to this one, https://www.elastic.co/blog/using-kibana-and-beats-for-security-analytics
May 23, 2018, was a great day! Thank you, all.
Monday, June 18, 2018
Wednesday, May 16, 2018
Searching Blockchain with FreeEed
The Blockchain is composed of multiple blocks that can contain any information. However, it is not a database in a traditional sense: it is not fast, and it does not answer queries.
For example, the writing speed is one block every 10 minutes for Bitcoin and about one block every seven seconds for Ethereum. Queries, as such, do not exist at all: neither SQL nor NoSQL-type language is not provided.
Meanwhile, the information stored in Blockchain often needs to be searched. Here is a design pattern from CSIRO.
As of today, such a tool exists. FreeEed has been used by lawyers to do eDiscovery, legal reviewers, and researchers for all kinds of investigations. It allows you to give any data as input (see here) and indexes that data for searches. The data can be open Office files, PST mailboxes, a "load file" produced to lawyers due to an eDiscovery request, and Blockchain.
We are actively working on FreeEed all the time, adding input formats, processing capabilities, and machine learning. The tool is open source and welcomes new additions. The review part is called "FreeEed Review" and works through the browser.
The back end used to implement text search is Elasticsearch. This means that you can also look at the processed data through the mighty ELK (Elasticsearch, Logstash, Kibana), which is also open source.
Happy searching!
For example, the writing speed is one block every 10 minutes for Bitcoin and about one block every seven seconds for Ethereum. Queries, as such, do not exist at all: neither SQL nor NoSQL-type language is not provided.
Meanwhile, the information stored in Blockchain often needs to be searched. Here is a design pattern from CSIRO.
As of today, such a tool exists. FreeEed has been used by lawyers to do eDiscovery, legal reviewers, and researchers for all kinds of investigations. It allows you to give any data as input (see here) and indexes that data for searches. The data can be open Office files, PST mailboxes, a "load file" produced to lawyers due to an eDiscovery request, and Blockchain.
We are actively working on FreeEed all the time, adding input formats, processing capabilities, and machine learning. The tool is open source and welcomes new additions. The review part is called "FreeEed Review" and works through the browser.
The back end used to implement text search is Elasticsearch. This means that you can also look at the processed data through the mighty ELK (Elasticsearch, Logstash, Kibana), which is also open source.
Happy searching!
Monday, April 30, 2018
FreeEed with Elasticsearch (7.7.2 release)
Improvements in this version (7.7.2):
- Elasticsearch integration. Now the users get more open source tools to work with FreeEed: Elasticsearch, Logstash, and Kibana.
- Bug fixes, code refactoring.
- Go here http://freeeed.org/
Thursday, March 29, 2018
FreeEed 7.7.1 release
Here is what is new is FreeEed 7.7.1 release
- Restored deduplication
- Better email handling
- Separated processing engine code into its own project
- All UI forms done in IntelliJ, out of NetBeans and away from commercial editors
Enjoy!
Subscribe to:
Posts (Atom)