Friday, October 11 • 11:00am - 12:00pm
ET-1212 Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture


This presentation shows how to use Splunk to give the analyst a comprehensive view of AWS/GCP/Azure security posture. Presenters will outline how to ingest the audit data provided by the open source tool Cloud Security Suite into Splunk to analyze cloud vulnerabilities, harden multi-cloud deployments and visualize the multi-cloud threat surface. Presenters will also demonstrate use cases based on Splunk knowledge objects (Tables, Dashboards, Alerts, Field extractions, Lookups, etc.) that take advantage of the information provided by supporting tools for cloud API auditing, such as the Scout2 and G-Scout projects.
  • Introduction to security in the cloud
  • Cloud provider responsibilities vs customer responsibilities
  • Historic Cloud attacks (k8s, S3 buckets, etc.)
  • AWS Security baseline 
  • GCP Security baseline
  • Azure Security baseline 
  • Automated multi-cloud auditing (Cloud Security Suite intro)
  • Logical Architecture for multiple clouds
  • SIEM setup (Splunk, ELK)
  • Deployment steps (Splunk setup, Cloud Security auditing instance) 
  • Proactive alerting for audit failures 
  • Cloud security posture dashboard and reports 
  • Q&A


Rod Soto

Principal, Splunk
Rod Soto has over 15 years of experience in information technology and security. He currently works as a Security Researcher at Splunk User Behavioral Analytics. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest...

Jose Hernandez

Principal Security, Splunk
José is a Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDoS attacks from “anonymous” and “lulzsec” against Fortune 100 companies. As an engineering co-founder of Zenedge Inc. (acquired by Oracle...

Friday October 11, 2019 11:00am - 12:00pm CDT
BONHAM 3-D | Expert 2 600 E Market St, San Antonio, TX Floor 3