DevConf.CZ 2019 has ended

Sunday, January 27 • 9:00am - 9:50am
Scale Your Auditing Events

The Linux Audit daemon is responsible for writing audit records to disk, which you can then access with ausearch and aureport. However, parsing and centralizing these records turns out to be harder than you would hope. Elastic's new Auditbeat fixes this: it keeps the original configuration but ships the records to a centralized location where you can easily visualize all events. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations. This talk shows what you can do to discover changes, events, and potential security breaches as soon as possible on interactive dashboards. Additionally, we are combining Auditd events with security-relevant logs.

Speakers

PHILIPP KRENN

DEVELOPER (ADVOCATE)
Philipp is part of the infrastructure team and a developer advocate at Elastic. He frequently talks about full-text search, databases, operations, and security. Additionally, he organizes multiple meetups in Vienna.


Auditd pdf

Sunday January 27, 2019 9:00am - 9:50am
E112
