(Fios#02) 2. ELK Forensic Analysis
INSIGHT FORENSIC
F-INSIGHT OPEN SEMINAR
Technology
478 views, 1 like, 42 slides
[Slide 1]
FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA
ELK Forensics
Cho Hoon (demantos)
demantos@gmail.com
http://malwarel4b.blogspot.kr

[Slide 2] Table of Contents (forensicinsight.org)
▪ Introduction
▪ How It Works
▪ Logstash
▪ Elasticsearch
▪ Kibana
▪ ELK for Analysis
▪ ELK for Windows Event Log
▪ Performance Test
▪ Future Work
▪ Reference
▪ QA
[Slide 3] Introduction
(image-only slide, no extractable text)

[Slide 4] Introduction
(image-only slide, no extractable text)

[Slide 5] How It Works
Logstash (input -> parse/filter -> output) -> ElasticSearch (node holding primary shards and replica shards) -> Kibana
Input, from file or network: web log (apache, iis, ...), mail log, mactime, microsoft event log, syslog, plaso, supertimeline, and more
Parse/filter: grok, date, geoip, translate, mutate, ...

[Slide 6] How It Works
Shipper #1: iptables + apache2 + syslog
Shipper #2: iptables + syslog
Shipper #3: iptables + apache2 + syslog
Shippers -> Redis -> Logstash (Indexer: reads data from Redis, stores data in Elasticsearch) -> Elasticsearch -> Kibana (reads data from ES)
[Slide 7] Logstash
▪ An integrated framework for log collection, centralization, parsing, storage and search
▪ Receives raw data, parses it into the specified format and forwards it to Elasticsearch
▪ Received data is indexed under the specified index name and can then be queried in Elasticsearch by that index name
▪ Main configuration files
  • /etc/default/logstash
    ✓ Configuration file for Logstash performance and environment settings
  • /etc/logstash/conf.d/*.conf
    ✓ Logstash input, filter and output configuration files

[Slide 8] Logstash
▪ /etc/default/logstash
  • LS_OPTS=-w 4
    ✓ Specifies the number of CPU cores to use, improving processing performance
  • LS_HEAP_SIZE=500m
    ✓ Memory size the Logstash process will use
  The resulting process, as shown by ps:
  logstash 18235 1 99 10:15 ? 01:38:31 /usr/bin/java -Djava.io.tmpdir=/var/lib/logstash -Xmx500m -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -jar /opt/logstash/vendor/jar/jruby-complete-1.7.11.jar -I/opt/logstash/lib /opt/logstash/lib/logstash/runner.rb agent -f /etc/logstash/conf.d -l /var/log/logstash/logstash.log -w 4
[Slide 9] Logstash
▪ /etc/logstash/conf.d/*.conf
  • How data is received (input)
  • How the received data is parsed (parse/filter)
  • Where the parsed data is sent (output)
  Input plugins: collectd, drupal_dblog, elasticsearch, eventlog, exec, file, ganglia, gelf, gemfire, generator, graphite, heroku, imap, invalid_input, irc, jmx, log4j, lumberjack, pipe, puppet_facter, rabbitmq, rackspace, redis, relp, s3, snmptrap, sqlite, sqs, stdin, stomp, syslog, tcp, twitter, udp, unix, varnishlog, websocket, wmi, xmpp, zenoss, zeromq
  Filter plugins: advisor, alter, anonymize, checksum, cidr, cipher, clone, collate, csv, date, dns, drop, elapsed, elasticsearch, environment, extractnumbers, fingerprint, gelfify, geoip, grep, grok, grokdiscovery, i18n, json, json_encode, kv, metaevent, metrics, multiline, mutate, noop, prune, punct, railsparallelrequest, range, ruby, sleep, split, sumnumbers, syslog_pri, throttle, translate, unique, urldecode, useragent, uuid, wms, wmts, xml, zeromq
  Output plugins: boundary, circonus, cloudwatch, csv, datadog, datadog_metrics, elasticsearch, elasticsearch_http, elasticsearch_river, email, exec, file, ganglia, gelf, gemfire, google_bigquery, google_cloud_storage, graphite, graphtastic, hipchat, http, irc, jira, juggernaut, librato, loggly, lumberjack, metriccatcher, mongodb, nagios, nagios_nsca, null, opentsdb, pagerduty, pipe, rabbitmq, rackspace, redis, redmine, riak, riemann, s3, sns, solr_http, sqs, statsd, stdout, stomp, syslog, tcp, udp, websocket, xmpp, zabbix, zeromq
  [Reference] http://logstash.net/docs/1.4.2/

[Slide 10] Logstash
  input {
    tcp {
      type => "apache"
      port => 18080
    }
  }
  filter {
    if [type] == "apache" {
      grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
      }
      date {
        match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }
  }
  output {
    if [type] == "apache" {
      elasticsearch {
        index => "logstash-iistest02"
        host => "localhost"
      }
    }
  }
  (input, filter and output are blocks; tcp, grok, date and elasticsearch are plugins)
[Slide 11] Logstash
▪ Input
  • Logstash opens the specified port, receives the incoming data and passes it on to the next stage.
  • cat /IIS/W3C1234/ex* | nc -vv localhost 18003

  input {
    tcp {
      type => "w3c_extended_iis"
      port => 18003
    }
  }
  input {
    syslog {
      type => "syslog"
      port => 5514
    }
  }
[Slide 12] Logstash
▪ Filter
  filter {
    if [type] == "w3c_extended_iis" {
      # drop comment lines
      if ([message] =~ /^#/) { drop{} }
      csv {
        columns => ["date", "time", "s_ip", "cs_method", "cs_uri_stem", "cs_uri_query", "s_port", "cs_username", "c_ip", "cs_user_agent", "sc_status", "sc_substatus", "sc_win32_status", "time_taken"]
        separator => " "
      }
      mutate { merge => ["date", "time"] }
      mutate { join => ["date", " "] }
      date {
        match => ["date", "YYYY-MM-dd HH:mm:ss"]
        timezone => ['UTC']
      }
      geoip { source => "c_ip" }

[Slide 13] Logstash
▪ Filter
      # extract macb info
      if ("m" in [macb]) { mutate { add_tag => ["modified"] } }
      if ("a" in [macb]) { mutate { add_tag => ["accessed"] } }
      if ("c" in [macb]) { mutate { add_tag => ["changed"] } }
      if ("b" in [macb]) { mutate { add_tag => ["birth"] } }
      # extract file extension
      grok { match => ["path", "(?<filename>[^/]+?)?$"] }
      grok { match => ["filename", "((\.(?<ext>[^./]+))?)?$"] }
      mutate {
        lowercase => ["ext"]
        remove_field => ["message", "perms", "uid", "gid"]
      }
    }
  }
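Added example (not from the deck): the slide 12 and slide 13 filter branches re-expressed as plain Python, so the drop/csv/date logic and the MACB tagging can be checked offline. The events are constructed; the mactime event is a dict standing in for the csv stage the slides do not show.

```python
from datetime import datetime, timezone

# Column names from the slide-12 csv filter, in W3C extended log field order.
IIS_COLUMNS = [
    "date", "time", "s_ip", "cs_method", "cs_uri_stem", "cs_uri_query",
    "s_port", "cs_username", "c_ip", "cs_user_agent", "sc_status",
    "sc_substatus", "sc_win32_status", "time_taken",
]

# MACB flag letter -> tag added by the slide-13 conditionals.
MACB_TAGS = (("m", "modified"), ("a", "accessed"), ("c", "changed"), ("b", "birth"))


def filter_w3c_extended_iis(event):
    """Slide-12 branch: drop '#' header lines, split the space-separated W3C
    fields into named columns, merge date+time and parse them as UTC."""
    message = event["message"]
    if message.startswith("#"):                 # if ([message] =~ /^#/) { drop{} }
        return None
    fields = message.split(" ")                 # csv { separator => " " }
    if len(fields) != len(IIS_COLUMNS):
        event.setdefault("tags", []).append("_csvparsefailure")
        return event
    event.update(zip(IIS_COLUMNS, fields))
    merged = "%s %s" % (event["date"], event["time"])   # mutate merge + join
    event["date"] = merged
    stamp = datetime.strptime(merged, "%Y-%m-%d %H:%M:%S")   # date { match ... }
    event["@timestamp"] = stamp.replace(tzinfo=timezone.utc).isoformat()
    return event


def filter_mactime(event):
    """Slide-13 branch: tag the event from its MACB column, pull the file name
    and a lower-cased extension out of the path, then drop noisy fields."""
    tags = event.setdefault("tags", [])
    for flag, tag in MACB_TAGS:                 # if ("m" in [macb]) { add_tag ... }
        if flag in event.get("macb", ""):
            tags.append(tag)
    filename = event.get("path", "").rsplit("/", 1)[-1]   # (?<filename>[^/]+?)?$
    if filename:
        event["filename"] = filename
        _, dot, ext = filename.rpartition(".")  # ((\.(?<ext>[^./]+))?)?$
        if dot and ext:
            event["ext"] = ext.lower()          # mutate { lowercase => ["ext"] }
    for field in ("message", "perms", "uid", "gid"):
        event.pop(field, None)                  # mutate { remove_field => [...] }
    return event


def filter_event(event):
    """Dispatch on [type], as the deck's conditionals do."""
    kind = event.get("type")
    if kind == "w3c_extended_iis":
        return filter_w3c_extended_iis(event)
    if kind == "mactime":
        return filter_mactime(event)
    return event


# Constructed sample events (not taken from any real system).
SAMPLE_EVENTS = [
    {"type": "w3c_extended_iis",
     "message": "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
                "cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken"},
    {"type": "w3c_extended_iis",
     "message": "2014-12-26 10:45:01 192.168.0.10 GET /index.html - 80 - 10.0.0.5 "
                "Mozilla/5.0+(Windows+NT+6.1) 200 0 0 15"},
    {"type": "mactime", "macb": "m.c.", "path": "/Users/demo/Downloads/Invoice.PDF",
     "perms": "r/rrwxrwxrwx", "uid": "0", "gid": "0", "message": "raw mactime line"},
]


def run(events=SAMPLE_EVENTS):
    """Return the surviving events in order; dropped events are omitted."""
    out = []
    for event in events:
        result = filter_event(dict(event))
        if result is not None:
            out.append(result)
    return out


if __name__ == "__main__":
    for event in run():
        print(event)
```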
[Slide 14] Logstash
▪ Filter - grok
  • A plugin that parses arbitrary strings or structures using regular expressions
  • A variety of officially distributed regular expression patterns exist
    ✓ https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns
  • Structure: %{syntax:semantic}
  • Can parse logs of many forms (including multi-line logs)
  • When needed, you can write your own patterns with regular expressions

  SYSLOGBASE        %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
  COMMONAPACHELOG   %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)
  COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}

[Slide 15] Logstash
▪ Filter - grok
  Log line:
  Dec 26 10:45:01 localhost postfix/pickup[27869]: 841D26FFA8: uid=0 from=root

  Pattern:
  %{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:hostname} postfix/(?<component>[\w._/%-]+)(?:\[%{POSINT:pid}\]): (?<queueid>[0-9A-F]{,11}): %{GREEDYDATA:message}

  Built-in pattern: the %{...} references
  User defined pattern: the (?<component>...) and (?<queueid>...) groups
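Added example (not Logstash's code or the deck's): a small grok expander in Python that resolves %{SYNTAX:semantic} references against a constructed subset of the pattern library and applies the slide's postfix pattern and %{COMBINEDAPACHELOG} to sample lines. The pattern bodies are simplified; the postfix line is the one on the slide, the Apache line is constructed.

```python
import re

# Constructed, simplified subset of the logstash-patterns-core library. The
# names match the ones used on the slides; the bodies are trimmed for clarity.
PATTERNS = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "YEAR": r"(?:\d\d){1,2}",
    "HOUR": r"(?:2[0-3]|[01]?[0-9])",
    "MINUTE": r"[0-5][0-9]",
    "SECOND": r"[0-5]?[0-9]",
    "TIME": r"%{HOUR}:%{MINUTE}:%{SECOND}",
    "INT": r"[+-]?[0-9]+",
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?)",
    "POSINT": r"\b[1-9][0-9]*\b",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "QS": r'"(?:[^"\\]|\\.)*"',
    "USER": r"[a-zA-Z0-9._-]+",
    "IP": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}",
    "HOSTNAME": r"\b[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.[0-9A-Za-z][0-9A-Za-z-]{0,62})*\b",
    "IPORHOST": r"(?:%{IP}|%{HOSTNAME})",
    "SYSLOGHOST": r"%{IPORHOST}",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HTTPDATE": r"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}",
    "COMMONAPACHELOG": (
        r"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "
        r'"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?'
        r'|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)'
    ),
    "COMBINEDAPACHELOG": r"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def expand(pattern, library=PATTERNS):
    """Turn a grok pattern into a plain Python regex.

    %{NAME} becomes a non-capturing group, %{NAME:field} a named group, and
    library patterns are expanded recursively so nested references
    (COMBINEDAPACHELOG -> COMMONAPACHELOG -> HTTPDATE -> ...) resolve.
    Oniguruma-style (?<name>...) user patterns are rewritten to (?P<name>...).
    """
    pattern = re.sub(r"\(\?<(\w+)>", r"(?P<\1>", pattern)

    def resolve(m):
        name, field = m.group(1), m.group(2)
        if name not in library:
            raise KeyError("unknown grok pattern %s" % name)
        inner = expand(library[name], library)
        return "(?P<%s>%s)" % (field, inner) if field else "(?:%s)" % inner

    return GROK_REF.sub(resolve, pattern)


def grok(pattern, line, library=PATTERNS):
    """Apply a grok pattern to one log line (unanchored, like Logstash).

    Returns the captured semantic fields, or None when the line does not
    match (Logstash would tag the event _grokparsefailure instead).
    """
    match = re.search(expand(pattern, library), line)
    return match.groupdict() if match else None


# Slide 15's postfix pattern: built-in %{...} pieces plus two user-defined groups.
POSTFIX_PATTERN = (
    r"%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:hostname} "
    r"postfix/(?<component>[\w._/%-]+)(?:\[%{POSINT:pid}\]): "
    r"(?<queueid>[0-9A-F]{1,11}): %{GREEDYDATA:message}"
)

# Sample lines: the first is the one shown on slide 15, the second is constructed.
POSTFIX_LINE = "Dec 26 10:45:01 localhost postfix/pickup[27869]: 841D26FFA8: uid=0 from=root"
APACHE_LINE = ('127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] '
               '"GET /apache_pb.gif HTTP/1.0" 200 2326 '
               '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"')


def parse_postfix(line=POSTFIX_LINE):
    return grok(POSTFIX_PATTERN, line)


def parse_apache(line=APACHE_LINE):
    return grok("%{COMBINEDAPACHELOG}", line)


if __name__ == "__main__":
    for event in (parse_postfix(), parse_apache()):
        for key, value in sorted(event.items()):
            print("%-12s %s" % (key, value))
```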
[Slide 16] Logstash
▪ Filter - grok
  • grok Test App: http://grokdebug.herokuapp.com

[Slide 17] Logstash
▪ Filter - grok
  • grok constructor: http://grokconstructor.appspot.com/

[Slide 18] Logstash
▪ Filter - useragent
  if [cs_user_agent] != "" {
    useragent {
      source => "cs_user_agent"
      prefix => "user_agent."
    }
  }

[Slide 19] Logstash
▪ Filter - geoip
  geoip {
    source => "c_ip"
  }

[Slide 20] Logstash
▪ Output
  • Data is indexed under the name given in the index option of the elasticsearch plugin, and is later displayed by referring to that index name in Elasticsearch
  • Once data has been indexed, its index cannot be changed

  output {
    if [type] == "w3c_extended_iis" {
      elasticsearch {
        index => "logstash-%{[type]}-%{+YYYY.MM.dd}"
        host => "localhost"
      }
    }
  }
254.
[Slide 21] Elasticsearch

▪ Indexes and searches data on top of Apache Lucene(1)
▪ RESTful interface: JSON over HTTP
▪ Provides APIs(2) for many purposes
▪ With plugins (HQ, Head) you can easily check cluster, node and index information through a web UI
▪ Main configuration files
  • /etc/default/elasticsearch
    ✓ performance and environment settings
  • /etc/elasticsearch/elasticsearch.yml
    ✓ ES indexing-related settings
▪ Elasticsearch vs RDBMS

  Elasticsearch | RDBMS
  --------------|---------
  Index         | Database
  Type          | Table
  Document      | Row
  Field         | Column

(1) http://lucene.apache.org/
(2) http://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
[Slide 22] Elasticsearch: /etc/default/elasticsearch

• ES_HEAP_SIZE=4g
  ✓ Memory size the elasticsearch process will use
  ✓ Half of physical memory (at most 32GB)
• MAX_LOCKED_MEMORY=unlimited
  ✓ Maximum locked memory size
  ✓ To prevent memory swapping, when the bootstrap.mlockall option in elasticsearch.yml is set to true, this value must be set to unlimited
  ✓ ES_HEAP_SIZE must also be set

Process list entry showing the resulting JVM options (-Xms4g -Xmx4g):

  elastic+ 8363 1848 8 15:51 ? 00:02:13 /usr/lib/jvm/java-7-openjdk-amd64//bin/java -Xms4g -Xmx4g -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Delasticsearch -Des.pidfile=/var/run/elasticsearch.pid -Des.path.home=/usr/share/elasticsearch -cp :/usr/share/elasticsearch/lib/elasticsearch-1.4.4.jar:/usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/lib/sigar/* -Des.default.config=/etc/elasticsearch/elasticsearch.yml -Des.default.path.home=/usr/share/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/var/lib/elasticsearch -Des.default.path.work=/tmp/elasticsearch -Des.default.path.conf=/etc/elasticsearch org.elasticsearch.bootstrap.Elasticsearch
[Slide 23] Elasticsearch: /etc/elasticsearch/elasticsearch.yml

• Works without changing any of the settings
• But, to improve indexing and other performance, a few settings need to be tuned:
  • index.number_of_shards
  • index.number_of_replicas
  • indices.memory.index_buffer_size
  • index.store.type
  • index.translog.flush_threshold_ops
  • index.refresh_interval
  • bootstrap.mlockall
[Slide 24] Elasticsearch: Tokenization

• ES splits input data on predefined tokens (space, dot, comma, etc.) and indexes the pieces
• User-Agent strings, country names and the like contain spaces, so they are displayed abnormally
  ✓ This can be solved by having an additional .raw field created for each field when a new index is created
• For the .raw field to be created, the index name must start with logstash-
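The effect described on this slide, modelled for this page as an added example (not code from the deck): a rough stand-in for an analyzed string field splits on space, dot and comma, so a terms aggregation over it counts word fragments, while the not_analyzed .raw sub-field keeps each whole value. The field names and the three sample documents are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample documents in the shape the geoip and useragent filters
# produce; the field names are assumed for this example.
DOCS = [
    {"geoip.country_name": "United States", "user_agent.name": "IE"},
    {"geoip.country_name": "United Kingdom", "user_agent.name": "Chrome"},
    {"geoip.country_name": "Korea, Republic of", "user_agent.name": "IE"},
]

# The predefined token characters named on the slide: space, dot, comma.
TOKEN_SPLIT = re.compile(r"[\s.,]+")

def analyze(value):
    """Model of an analyzed string field: split on the token characters,
    lower-case each token and drop empty pieces."""
    return [t.lower() for t in TOKEN_SPLIT.split(value) if t]

def terms_aggregation(docs, field, analyzed=True):
    """Count terms the way a Kibana terms panel sees them.
    analyzed=True models the default field (fragments are counted);
    analyzed=False models the .raw sub-field (whole values are counted)."""
    counts = Counter()
    for doc in docs:
        value = doc[field]
        counts.update(analyze(value) if analyzed else [value])
    return dict(counts)

if __name__ == "__main__":
    print(terms_aggregation(DOCS, "geoip.country_name"))                 # fragments
    print(terms_aggregation(DOCS, "geoip.country_name", analyzed=False)) # whole values
```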
[Slide 25] Elasticsearch (screenshot)

[Slide 26] Elasticsearch (screenshot)

[Slide 27] Kibana (screenshot)

[Slide 28] ELK for Analysis (diagram)

[Slide 29] ELK for Analysis (diagram: File A, File B, File C)
[Slide 30] ELK for Analysis

▪ ELK is a log analysis and monitoring tool.
▪ Can it be used only as a monitoring tool?
  • It can also be used from a forensic point of view
  • Visualizing text data brings its own benefits
  • Timeline data can be generated with a tool such as plaso and then loaded into ELK
▪ An analysis methodology is needed
  • A methodology is needed when analyzing with mactime or timeline data
  • Apply a specific methodology and narrow the time range step by step as the analysis proceeds
[Slide 31] ELK for Windows Event Log

▪ nxlog
  • Open-source log management tool
  • Installed and run as a service on Windows systems
  • Has parsing modules for many log formats

Module naming: Input (im_xxx) -> Processor (pm_xxx) -> Output (om_xxx)

nxlog.conf:

  define ROOT C:\Program Files (x86)\nxlog
  Moduledir %ROOT%\modules
  CacheDir  %ROOT%\data
  Pidfile   %ROOT%\data\nxlog.pid
  SpoolDir  %ROOT%\data
  LogFile   %ROOT%\data\nxlog.log

  <Extension json>
      Module xm_json
  </Extension>

  # Windows Event Log
  <Input eventlog>
      Module im_msvistalog
      # Module im_mseventlog
      Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
  </Input>

  <Output out>
      Module om_tcp
      Host 192.168.1.126
      Port 3515
  </Output>

  <Route 1>
      Path internal, eventlog => out
  </Route>
[Slide 32] ELK for Windows Event Log

▪ nxlog
  • If needed, event logs can be filtered before they are sent

  <Input in>
      Module im_msvistalog
      Exec if ($TargetUserName == 'SYSTEM') OR ($EventType == 'VERBOSE') drop();
  </Input>

  <Input unix>
      Module im_uds
      UDS /dev/log
  </Input>

  <Processor filter>
      Module pm_filter
      Condition $raw_event =~ /failed/ or $raw_event =~ /error/
  </Processor>

  <Output out>
      Module om_file
      File "/var/log/error"
  </Output>

  <Route 1>
      Path unix => filter => out
  </Route>
[Slide 33] ELK for Windows Event Log (diagram: binary -> json)

[Slide 34] ELK for Windows Event Log (screenshot)

[Slide 35] ELK for Windows Event Log (screenshot)

[Slide 36] ELK for Windows Event Log (screenshot)

[Slide 37] ELK for Windows Event Log (screenshot)
[Slide 38] Performance Test

Index settings per case (the primed cases #2', #3', #4' use the same settings as their base case, but the index was created manually and the settings applied through the API, see the notes below):

  Setting                            | Case #1 (default) | Case #2 | Case #3   | Case #4
  -----------------------------------|-------------------|---------|-----------|----------
  index.number_of_replicas           | 1                 | 1       | 1         | 0
  index.number_of_shards             | 5                 | 3       | 3         | 1
  index.translog.flush_threshold_ops | 5000              | 50000   | 50000     | 50000
  index.refresh_interval             | 5s                | 30s     | 30s       | -1
  indices.memory.index_buffer_size   | 10%               | 30%     | 50%       | 50%
  index.store.type                   | (default)         | mmapfs  | mmapfs    | mmapfs
  bootstrap.mlockall                 | -                 | -       | TRUE      | TRUE
  MAX_LOCKED_MEMORY                  | -                 | -       | unlimited | unlimited

Results:

  Raw data | Result              | Case #1 (default) | Case #2          | Case #2'         | Case #3          | Case #3'         | Case #4          | Case #4'
  ---------|---------------------|-------------------|------------------|------------------|------------------|------------------|------------------|-----------------
  2.2G     | indexing duration   | 180m              | 168m             | 135m             | 174m             | 143m             | 165m             | 145m
  2.2G     | docs / primary size | 9,600,201/3.0GB   | 9,600,201/2.8GB  | 9,600,201/2.7GB  | 9,600,201/2.7GB  | 9,600,201/2.7GB  | 9,600,201/2.7GB  | 9,600,201/2.7GB
  828M     | indexing duration   | 65m               | 67m              | 48m              | 67m              | 48m              | 59m              | 49m
  828M     | docs / primary size | 3,303,249/926.5M  | 3,303,249/888.1M | 3,303,249/889.6M | 3,303,249/886.7M | 3,303,249/890.4M | 3,303,249/894.0M | 3,303,249/983.4M

• Test system: Intel(R) Core(TM) i5-2540M 2.60GHz (4 Core) / 8G RAM / Ubuntu 14.04.2 LTS 64bit
• Common settings:
  /etc/default/elasticsearch : ES_HEAP_SIZE=4g
  /etc/default/logstash : LS_HEAP_SIZE=500m / LS_OPTS="-w 4"
• The plain cases were tested with the indices created automatically as the log data was shipped
• The additional (primed) case for each case: because the settings shown on the indices differed from what was set in the config file, the index was created manually, some settings were changed through the API, and only then was the log data sent
• Each test was run with only the indices being indexed open and all other indices closed
[Slide 39] Performance Monitoring: Marvel (screenshot)
[Slide 40] Future Work

▪ How can this be used in the field?
  • Analysis time depends on log size (number of records)
  • Laptop performance is not good enough to index and analyze logs on site
▪ Prepare logstash config files that can parse raw data in various formats
  • Windows event logs
  • Data extracted from memory dumps
  • Incident artifacts
  • plaso/log2timeline configuration files need modification
▪ Research into Elasticsearch settings and APIs is needed
  • They are judged to have a large effect on indexing speed
▪ A methodology is needed for analysis after visualizing timeline data
▪ Fix the abnormal parsing of NT-family (Windows 2003) event logs
[Slide 41] Reference

▪ ElasticSearch and Logstash Tuning
  • http://jablonskis.org/2013/elasticsearch-and-logstash-tuning/index.html
▪ Finding the needle in the haystack with ELK
  • https://digital-forensics.sans.org/summit-archives/dfirprague14/Finding_the_Needle_in_the_Haystack_with_FLK_Christophe_Vandeplas.pdf
▪ Elasticsearch - Advanced settings and Tweaks
  • http://kufli.blogspot.kr/2014/11/elasticsearch-advanced-settings-and.html
▪ Elasticsearch, Logstash & Kibana - Kevin Kluge
  • http://www.socallinuxexpo.org/scale12x-supporting/default/files/presentations/Scale12x%20-%20Intro%20to%20Elasticsearch%20(Kluge).pdf
▪ Elasticsearch - Shard & Replica
  • https://guruble.wordpress.com/2014/02/23/elasticsearch-2-shard-replica/
▪ Collect & visualize your logs with Logstash, Elasticsearch & Redis
  • http://michael.bouvy.net/blog/en/2013/11/19/collect-visualize-your-logs-logstash-elasticsearch-redis-kibana/
▪ Logstash / Elasticsearch / Kibana for Windows Event Logs
  • http://www.ragingcomputer.com/2014/02/logstash-elasticsearch-kibana-for-windows-event-logs
▪ Many slides on Slideshare and many articles found through Google search
[Slide 42] Question and Answer