Realtime cyber alerting presented at bsideswellington 2017

by Jeremy Stott

Summary: Getting tired of not looking at dashboards? Inbox full of alerts you send to trash? Your latest idea of using captchas to crowdsource screening for suspicious logs didn't take off? Well, don't fear. You can achieve maximum cyber visibility with StreamAlert. Created by the clever folks at Airbnb, it enables realtime alerting on activity in your infrastructure, logs, hosts, developer machines or, well, anything really.
This talk is about:
How to deploy StreamAlert to AWS using Terraform.
Connecting your access logs to StreamAlert.
Writing your own rules in Python.
Connecting those rules to Slack and PagerDuty.
Well, things didn't stop there. Jeremy went ahead and connected a few unconventional outputs to some alerts...
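The rule-writing and output-routing steps above, as an added example that is not part of the talk or of the StreamAlert project: StreamAlert rules are plain Python functions that receive one parsed log record and return True when the record should raise an alert. The `rule` decorator, `run_rules` and `route_alerts` below are a minimal local stand-in for that harness (an assumption about its shape, not StreamAlert's own code), the log records are constructed, and the output names `slack:security` and `pagerduty:oncall` are hypothetical.

```python
# Added example: StreamAlert-style detection rules over constructed access-log
# records, with alerts grouped by the output (Slack, PagerDuty) they route to.
# The decorator and runner are a local stand-in, NOT StreamAlert's own API.
from collections import defaultdict
from typing import Callable, Dict, List

RULES: List[dict] = []


def rule(logs, outputs):
    """Register a detection function with the log types it applies to and the
    output names an alert should be routed to (assumed shape, see lead-in)."""
    def wrap(func: Callable[[dict], bool]):
        RULES.append({"name": func.__name__, "logs": set(logs),
                      "outputs": list(outputs), "func": func})
        return func
    return wrap


# Constructed records, already parsed into dicts as a log schema would produce.
SAMPLE_RECORDS = [
    {"log_type": "nginx:access", "remote_addr": "203.0.113.7",
     "request": "GET /login HTTP/1.1", "status": 401, "user_agent": "curl/7.64"},
    {"log_type": "nginx:access", "remote_addr": "198.51.100.23",
     "request": "GET /admin/users HTTP/1.1", "status": 403, "user_agent": "Mozilla/5.0"},
    {"log_type": "nginx:access", "remote_addr": "198.51.100.23",
     "request": "GET /?id=1 HTTP/1.1", "status": 200, "user_agent": "sqlmap/1.3"},
    {"log_type": "nginx:access", "remote_addr": "192.0.2.4",
     "request": "GET /admin/dashboard HTTP/1.1", "status": 200, "user_agent": "Mozilla/5.0"},
    # A different log type: rules scoped to nginx:access must skip it untouched.
    {"log_type": "aws:cloudtrail", "eventName": "ConsoleLogin"},
]


@rule(logs=["nginx:access"], outputs=["slack:security"])
def admin_path_unauthorized(rec: dict) -> bool:
    """Alert on denied requests to an admin path (a low-urgency Slack message)."""
    path = rec["request"].split()[1]
    return path.startswith("/admin") and rec["status"] in (401, 403)


@rule(logs=["nginx:access"], outputs=["pagerduty:oncall"])
def scanner_user_agent(rec: dict) -> bool:
    """Alert when a well-known scanner identifies itself in the User-Agent."""
    suspicious = ("sqlmap", "nikto", "masscan")
    return any(s in rec["user_agent"].lower() for s in suspicious)


def run_rules(records: List[dict]) -> List[dict]:
    """Evaluate every registered rule against every record of a matching log type."""
    alerts = []
    for rec in records:
        for r in RULES:
            if rec["log_type"] in r["logs"] and r["func"](rec):
                alerts.append({"rule": r["name"], "outputs": r["outputs"], "record": rec})
    return alerts


def route_alerts(alerts: List[dict]) -> Dict[str, List[str]]:
    """Group triggered rule names by output so each sink gets one batch."""
    routed: Dict[str, List[str]] = defaultdict(list)
    for a in alerts:
        for out in a["outputs"]:
            routed[out].append(a["rule"])
    return dict(routed)


if __name__ == "__main__":
    for out, names in route_alerts(run_rules(SAMPLE_RECORDS)).items():
        print(f"{out}: {names}")
```

Two of the five constructed records trigger a rule, and the CloudTrail record is never handed to the nginx rules because the log type filter runs before the rule body; keeping that scoping in the decorator rather than inside each rule is what lets one rule file grow to many log sources without every function re-checking its input shape.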