In this lecture I will give a brief introduction to ELSA. So what is ELSA? ELSA, or Enterprise Log Search and Archive, is a centralized syslog framework that is based on Syslog-NG, MySQL and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It includes tools to assign permissions for viewing the logs, as well as email-based alerts, scheduled queries and graphing.

ELSA is a SIEM product. A SIEM, or Security Information and Event Management system, is the glue for various security tools. It can provide information both as real-time alerts and as historical reports that summarize the security status over time, typically on the order of months rather than days. The main SIEM functions include log collection of event records from sources throughout the organization; log normalization to map log messages from different systems to a common data model; log correlation to speed the detection of and reaction to security threats; log aggregation to reduce the volume of event data to be analyzed; and finally reporting tools to address regulatory compliance reporting requirements.

So ELSA is an open source centralized syslog compiler and search query tool.
It provides many of the functions that are typically found within most of the commercially available SIEM products. Examples of those products are Splunk Enterprise Security, IBM Security QRadar, LogRhythm, and SolarWinds Log and Event Manager. When working with ELSA, you can accomplish the same task in multiple ways, which I will explain how to do in the following lectures.

ELSA, as a SIEM, provides log normalization, which is the process of manipulating security event data and putting it into a common schema. ELSA has parsers that work with each of the data sources. Examples of those data sources are Bro, which is an intrusion detection system program that is different from the typical IDS; Snort, which is the most widely deployed intrusion detection and prevention system technology worldwide; Suricata, which is an open source next generation intrusion detection and prevention engine; and OSSEC, which is a host-based intrusion detection system. In the first part of how to work with ELSA,
we will see how to get logs from Bro about network connections.

Log summarization is a data mining technique in which compact descriptions of key data set qualities are produced. Summarized data is often displayed in a graphical format or in a tabular format. Summarization is implemented with ELSA queries by using the group by directive or clause, which can be based on source or destination IP addresses or ports, for example.

Log summarization allows us to find the most interesting or suspicious traffic, for example the traffic from the most active host. In the second part of how to work with ELSA, we will see how to get a summary report based on the source IP address. This can be done in the query field, by clicking on certain links, or by using certain dropdown menus.

Log aggregation is a data mining technique where data is gathered to get more information about particular variables. Aggregation can be better performed by pulling all records that share a single common variable; for example, a host may be equated with simply an IP address.

Log aggregation allows us to focus our analysis on the records of the most interesting or suspicious traffic found using log summarization. In the first part of how to work with ELSA, we will see how to get the records of each specific source IP address. Again, this can be done in the query field, by clicking on certain links, or by using certain dropdown menus, as shown in this picture.
I have given you a brief introduction to ELSA, and in the next lecture I will start explaining how to work with ELSA in practice.