October 12, 2021
Los Angeles, California + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Tuesday, October 12 • 3:45pm - 4:15pm
Security Logging Use Cases: Building an Open-Source SIEM - Jonah Kowall, Logz.io


Understanding threats is the goal of a SIEM, which collects, enriches, and correlates events and threats. Learn how to build an open-source SIEM with Fluentd and Fluent Bit. A SIEM's primary challenge is data collection and scale: security infrastructure generates diverse data. We will cover the data sources along with how to parse them and extract security signals. We will provide real-world examples of how these data collection systems are used to bring security data together into an open-source SIEM. Learn how extracting metrics from logs with Fluentd can provide additional data for understanding your organization’s security posture. The EFK Stack is very popular for log analytics; this covers the life cycle of collecting, indexing, and storing logs. Log data is valuable, but the usual logging use cases are operational ones, observability and debugging. The security world typically uses other tools, but building on top of the same logging stack is more efficient. A SIEM takes a centralized approach to collection, enrichment, and analysis. In today’s environments, we must ultimately federate this work to the edge to reduce data volumes and take action faster. While this is not something SIEMs do today, it is something that the future SIEM and technologies like Fluentd will provide.


Jonah Kowall

CTO, Logz.io
Jonah Kowall is a computer scientist and open-source contributor committing code to observability projects such as OpenSearch, Jaeger, and OpenTelemetry. Throughout 15 years as a practitioner and manager across startups and large enterprises, he has specialized in operations, security, and...

Tuesday October 12, 2021 3:45pm - 4:15pm PDT
Concourse Hall 152 + Online