IDMEF, the universal format for security alerts, OW2con'16, Paris.

•

2 j'aime•661 vues

The constant growth of cybercrime requires that nations are organizing to unite their defense and protection. In the area of cyber-detection federation requires standardizing in two fields: - Communications between the various tools and security solutions in order to consolidate and correlate information simply, we will call this communication “intra” Security Centers. - Communications between different Security Centers Teams to share information on incidents, we will call this communications “inter” Security Centers (between CSIRT). Both recognized standards at IETF in this field are: - IDMEF (Intrusion Detection Message Exchange Format) – RFC 4765 - IODEF (Incident Object Description Exchange Format) – RFC 5070 These two standards are still relatively new and insufficiently deployed on a market still dominated by proprietary formats. Prelude is a SIEM (Security Information & Event Management). This is a security control tool that fully use IDMEF. Prelude collects and centralizes the company security information of to provide a central point of steering. Thanks to the analysis and correlation of logs, Prelude alerts in real time of intrusion attempts and threats on the network. Prelude offers several tools of investigation and reporting on your big data to identify the weak signals which may prefigure of advanced persistent threats (APT). Finally, Prelude has all the tools to help the operation to simplify operators’ work and risk management.

Technologie

SECEF DAY – 21/09/16 / 1/ 1/ 1
PRELUDE AND LIBPRELUDE
THOMAS ANDREJAK – CS
22/09/2016

SECEF DAY – 21/09/16 / 2/ 2
WHO AM I
âThomas ANDREJAK, 29 years old
› Working at Communication & Systems (Paris) : https://www.c-s.fr
› Technical manager of Prelude SIEM : https://www.prelude-siem.org
› Expert in security of information systems
âTalk : Prelude and LibPrelude
› Prelude history
› What is IDMEF
› Where to find the library
› How to use it
› Live coding session

SECEF DAY – 21/09/16 / 3/ 3
PRELUDE SIEM

SECEF DAY – 21/09/16 / 4/ 4
WHAT IS PRELUDE ?
â Prelude is an OpenSource SIEM and born in 1998
â Prelude has been based on IDMEF since the creation of the standard (2005)
â Manipulation of IDMEF objects is done through two libraries in Prelude
› LibPrelude : Manage IDMEF objects and transport of these objects
› LibPreludeDB : Storage of IDMEF objects in a database
â LibPrelude and LibPreludeDB are parts of Prelude OSS
› https://www.prelude-siem.org
â These libraries are released under the GPL v2 license

SECEF DAY – 21/09/16 / 5/ 5
WHAT IS IDMEF?
âIDMEF (RFC 4765)
› Intrusion Detection Message
Exchange Format
› Describes a technical security
alerts format for information
systems
› Exchange of intrusion-related data
between systems

SECEF DAY – 21/09/16 / 6/ 6
LIBPRELUDE - TECHNICAL IMPLEMENTATION
â Library written in C (around 200k lines of code)
â Available for the C++ and Python languages
â Included in many IDS
› Suricata
› Snort
› OSSEC
› Etc.
âIn the new RGI (French referential of interoperability) that has been
released this year, IDMEF is in required state
âWe continue to work with new security tools to help them to include the
LibPrelude

SECEF DAY – 21/09/16 / 7/ 7
INTEGRATION
âQuestions to ask yourself
› What language does my program use?
› Are both licenses compatible?
› Where do I have to initialize my connector?
› Where does my program handle reporting/notifications?
§ Usually around syslog functions
› What information do I need to fill in IDMEF objects?
› In which IDMEF fields do my data have to go ?
âLibIDMEF tutorial
› http://redmine.secef.net/projects/secef/wiki/How_to_use_LibIDMEF
â“How to build a sensor” tutorial
› http://redmine.secef.net/projects/secef/wiki/How_to_build_a_sensor

SECEF DAY – 21/09/16 / 8/ 8
AGENT CONTRIBUTION PROGRAM
Development of a new agent for Prelude SIEM
We are looking for many other security tools
to become compatible with IDMEF !
Open partner program
https://www.prelude-siem.org/projects/prelude/wiki/PreludeAgentContribution

SECEF DAY – 21/09/16 / 9/ 9
LIVE CODING SESSION
Building an IDMEF sensor in 5 minutes

SECEF DAY – 21/09/16 / 10/ 10
QUESTIONS ?

SECEF DAY – 21/09/16 / 11/ 11
ANNEXE : BUILD AN IDMEF SENSOR IN 5 MINUTES

Contenu connexe

En vedette

2013 cch basic principles ch02

dphil002

Amsterdam Data Portal

OW2

Putting Controlled Vocabulary To Work I Davis 2008

Ian Davis

XWiki Product and Community, OW2con'15, November 17, Paris

OW2

Ow2 Open World Forum09 Trustie Project

OW2

Manage Traceability with Apache Atlas flexible metadata repository.

OW2

Antelink OW2 Conference Nov10

OW2

The OpenCloudware PaaS platform provides an advanced automated performance testing service, based on OW2's CLIF load injection framework. By enabling the CLIF as a Service (CLIFaaS) option for a given project from the OpenCloudware portal, the project team automatically gets a Jenkins continuous integration server enhanced with performance testing capabilities. Leveraging on the OpenCloudware PaaS' core services, CLIFaaS gracefully handles the full deployment, configuration and execution of both the distributed load injection system and the target distributed application. Once the test run is complete, a performance report is automatically generated and the test-supporting virtual machines are discarded.

CLIF as a Service: Distributed performance testing in continuous integration...

OW2

Tabacundo 2010

Pablo Guaña

Chapter 1 presentation

dphil002

Populismo Radical

Crisis 999

Life Beautiful Monday

Pentiux

Open Stack OW2 Conference Nov10

OW2

Chapter 12

dphil002

Open Source BI OW2 Conference Nov10

OW2

Ow2 X Wiki Use Case Open World Forum09

OW2

Programming Language Final PPT

Matthew Chang

XWiki OW2 Conference Nov10

OW2

Contrail Project, OW2con11, Nov 24-25, Paris

OW2

Trustworthy software OW2 Conference Nov10

OW2

En vedette (20)

2013 cch basic principles ch02

Amsterdam Data Portal

Putting Controlled Vocabulary To Work I Davis 2008

XWiki Product and Community, OW2con'15, November 17, Paris

Ow2 Open World Forum09 Trustie Project

Manage Traceability with Apache Atlas flexible metadata repository.

Antelink OW2 Conference Nov10

CLIF as a Service: Distributed performance testing in continuous integration...

Tabacundo 2010

Chapter 1 presentation

Populismo Radical

Life Beautiful Monday

Open Stack OW2 Conference Nov10

Chapter 12

Open Source BI OW2 Conference Nov10

Ow2 X Wiki Use Case Open World Forum09

Programming Language Final PPT

XWiki OW2 Conference Nov10

Contrail Project, OW2con11, Nov 24-25, Paris

Trustworthy software OW2 Conference Nov10

Similaire à IDMEF, the universal format for security alerts, OW2con'16, Paris.

IPSEC

Open Source School

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

Wlamir Molinari

SPDX is an open format for describing software licenses, contents and ownership. It is a simple text document with great benefits for software governance. But have you ever seen one? Despite being an open standard, there aren't many available to public. Using only Linux, GitHub and F/OSS tools, Nuno and Ben were fuelled to prove that SPDX is also applicable to everyday projects. As result, the first large-scale SPDX Internet archive came to exist. Join this presentation to learn how over 1 million SPDX documents were created using open data in large-scale repositories and how easy it is to create one. From now forward you'll be able to express the licenses in your code automatically and create licensing transparency by yourself.

2014 10-14: GitHub plus FOSS == 1 million SPDX

Nuno Brito

L'infrastruttura come codice e le applicazioni cloud-native consentono di raggiungere livelli senza precedenti di efficienza e governance dei nostri servizi cloud, rendendoci capaci di creare infrastrutture immutabili e ripetibili, di poterci operare come se fossero applicazioni quindi versionando il codice, qa e test automatici e procedure di rilascio automatiche verso gli ambienti di destinazione. Più inseriamo codice nelle nostre infrastrutture, più estendiamo la superficie di attacco. In questo talk, esaminerò gli attacchi alla catena di approvvigionamento a diversi livelli, come rilevarli e le tecniche per mitigarli e come scrivere codice IaC più sicuro.

Deep dive nella supply chain della nostra infrastruttura cloud

sparkfabrik

Shift Left Security

gjdevos

Cytoscape and External Data Analysis Tools

Keiichiro Ono

DockerDay2015: Keynote

Docker-Hanoi

Dev Ops for systems of record - Talk at Agile Australia 2015

Mirco Hering

Node.js Service - Best practices in 2019

Olivier Loverde

Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI, to CI/CD pipelines with GitHub Actions, and extend your know from secure code and secure dependencies to that of building secure containers to your Node.js apps on Docker.

Snyk Intro - Developer Security Essentials 2022

Liran Tal

MicroEJ, the OS for IoT

MicroEJ

MicroEJ OS is a scalable Operating System for resource-constrained embedded and IoT devices, optimized for a wide range of hardware architectures. With MicroEJ OS, OEMs use proven methods that cut software development time and cost. They create software that delivers incredible user experience and adjusts to Internet business needs. MicroEJ development tools enable device manufacturers to deliver differentiating firmware using MicroEJ SDK.

MicroEJ OS for IoT devices

charlotte75009

This talk "What is the secure software supply chain and the current state of the PHP ecosystem" discusses the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...

sparkfabrik

O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...

NCCOMMS

Securing IoT Applications

WSO2

2nd ARM Developer Day - mbed Workshop - ARM

Antonio Mondragon

Even if not totally new, IoT era is bringing many new challenges to address but at a larger scale. Market oracles are publishing various figures about the expected gross, while security experts are alarming about their concerns. Software developers will use as much resources they can, while hardware engineers will focus on optimizing hardware for reducing cost of production or usage by focusing on power consumption. IoT is involving many subdomains from electronics to radio communication or cloud backends, and thus many skills than nobody can seriously claim to have. The good news is that nobody is alone in the world of open standards and free software, and cooperation is one of the key for a seamless "INTERnet of things" where everyone can find a place in this new landscape. To illustrate openness and interoperability, a couple of projects supported by Samsung Opensource group will be presented and how to get kickstarted on Web+IoT Technologies.

The complex IoT equation, and FLOSS solutions, OW2con'18, June 7-8, 2018, Paris

OW2

webthing-floss-iot-20180607rzr

Phil www.rzr.online.fr

The Complex IoT Equation (and FLOSS solutions)

Samsung Open Source Group

Machine learning in cybersecutiry

Vishwas N

Similaire à IDMEF, the universal format for security alerts, OW2con'16, Paris. (20)

IPSEC

UC18NA-D3D202-Dianomic-IZoratti-Introduction-To-FogLAMP.pdf

2014 10-14: GitHub plus FOSS == 1 million SPDX

Deep dive nella supply chain della nostra infrastruttura cloud

Shift Left Security

Cytoscape and External Data Analysis Tools

DockerDay2015: Keynote

Dev Ops for systems of record - Talk at Agile Australia 2015

Node.js Service - Best practices in 2019

Snyk Intro - Developer Security Essentials 2022

MicroEJ, the OS for IoT

MicroEJ OS for IoT devices

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...

O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...

Securing IoT Applications

2nd ARM Developer Day - mbed Workshop - ARM

The complex IoT equation, and FLOSS solutions, OW2con'18, June 7-8, 2018, Paris

webthing-floss-iot-20180607rzr

The Complex IoT Equation (and FLOSS solutions)

Machine learning in cybersecutiry

Plus de OW2

This presentation is given by Stefano Pampaloni at the RIOS Open Source Week, Nov. 2022 in Roma. Abstract: Established in 2007 as a non-profit organisation, OW2 is an independent community dedicated to promoting open source software for information systems and fostering their business ecosystems. OW2 federates 50+ organizations and 2500+ IT professionals worldwide. OW2 hosts 50+ technology Projects. RIOS is an Italian network of companies established in 2015 aiming to improve open source adoption and to build sustainable businesses around it OW2 and RIOS are working together to foster collaboration between European open-source stakeholders.

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma

OW2

The Good Governance Initiative (GGI) proposes a methodological framework to assess open-source awareness, compliance and governance in any kind of organizations, helping them to structure and improve the use of FOSS towards an OSPO. The GGI was initiated by OW2 and is developed by the OSPO Alliance. This presentation will give an overview of the initiative, its organization, roadmap, first achievements and next steps.

The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...

OW2

GLPi v.10, les fonctionnalités principales et l'offre cloud

OW2

Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...

OW2

FusionIAM : la gestion des identités et des accés open source

OW2

Connaissez-vous OW2 ? Aventure commencée en 1999 à Grenoble sur la base d'un consortium industriel dédié au middleware open source, devenu association sans but lucratif d'échelle européenne en 2006 sous le nom d'OW2, nous agissons pour la diffusion du libre dans le monde professionnel depuis plus de 20 ans. OW2 compte des adhérents de toute taille : 2.600 individuels en adhésion gratuite, et 30 institutionnels, de la TPE unipersonnelle à Orange, Microsoft ou Huawei, de l'Inria ou le Fraunhofer Fokus à la Gendarmerie Nationale ou la ville de Paris. Nos projets sont plus célèbres que nous : ASM, Centreon, Lutece, PrestaShop, Sympa ou Rocket.Chat vous diront peut-être quelque chose ? Philosophiquement, OW2 se trouve quelque part entre Eclipse et Apache : culture technique, infrastructure d'hébergement et d'assistance pour les projets, sur la ligne de crête entre l'esprit du libre et les contraintes du business, nous sommes un acteur de l'économie sociale, persuadé que l'open source est central dans une transformation sociétale nécessaire qui ne pourra se faire sans l'adhésion du monde industriel et académique. A un tournant de notre histoire, nous investissons le créneau de la qualité industrielle des projets avec notre méthodologie "Market readiness Levels", et la gouvernance de l'open-source comme membre fondateur de l'OSPO Alliance (ospo.zone) et éditeur du guide méthodologique "OSS Good Governance handbook". Ne nous y trompons pas : OW2 est un acteur éminemment politique, porteur d'une vision fondée sur la transformation du monde professionnel et de ses valeurs par le code et la coopération. Et cette présentation, avec un survol de notre histoire, adhérents, initiatives et projets, est également l'occasion d'en débattre.

OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...

OW2

SFScon'20 Bringing the User into the Equation

OW2

A few years ago, Heartbleed epitomized a massive open source sustainability problem for critical parts of the internet infrastructure. The bug, which affected the popular OpenSSL cryptographic software library, notably compromised the confidentiality of 4.5 million US patient records and cost the industry an estimated $500M. It was soon revealed that the root cause of the issue was that OpenSSL was precariously understaffed. Open source sustainability became a major theme overnight. Stories of maintainer burn-out made the headlines. And tentative solutions started to emerge, most of them donation-based. In this talk we’ll explore a number of existing strategies to fund open source and make it more sustainable, from patronage to dedicated ad networks. And we’ll defend the idea that the best path to open source sustainability is to help companies understand the tangible business value they can get from contributing to open source.

Towards a sustainable solution to open source sustainability, OW2online20, Ju...

OW2

Advanced proactive and polymorphing cloud application adaptation with MORPHEM...

OW2

Presentation by Gael Blondelle, Managing Director at Eclipse Foundation. Abstract: In this talk, we will cover two complementary topics: The different Eclipse projects related to Open Source governance, like Eclipse SW360, SW360 Antenna, and Eclipse Steady, as well as the opportunity to leverage SW360 as the core of a larger Open Source governance initiative. The Eclipse IP Process that has been applied to hundreds of Eclipse projects for more than 15 years and is going through a modernization process that involves both simplification from the developer point of view, and openness to new source of trusted data like Clearly Defined.

Open Source governance and the Eclipse Foundation, OW2online, June 2020

OW2

Open source contribution policies are long, boring, overlooked documents, that generally suck. They're designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that's not inevitable. It's possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it's possible to do so while reducing the company's IP risk, not increasing it. In this talk, we'll look at the general structure of contribution policies, examples in the wild, and tactics to make them suck less. We'll also look at how to turn these policies into self-service software, preventing the tedious email back and forth between engineering and legal in most cases and making open source contribution a breeze. Presentation by Tobbie Langel, UnLockOpen.

Open source contribution policies, OW2online, June 2020

OW2

Presentation by Jose Manrique, CEO at Bitergia. Abstract: 2020 has started intense for many countries. It's been just a few months, but the things we have lived make us feel like it's been years. Covid-19 pandemic has hit everywhere and forced many people to work from home. If you were lucky enough to be in one of these modern companies that have adopted digital transformation years ago, would that be a problem? Many people have thought it wasn't, but it has really been. And what about the rest of the software developers involved in companies not ready for remote work at all? It's been said that nothing has boosted more companies' digital transformation than covid-19. But, are their managers ready for such change? Managing software development at scale is not an easy task, and this pandemic has disrupted the way projects are being developed in many companies. During this talk, I would like to share lessons learned from open source development at scale that might help companies to adapt to these changes. But more specifically, lessons about how software development analytics help managers to understand collaborative remote work.

Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...

OW2

Presentation by Olivier Fendt, Senior Manager Open Source Software at Siemens. Abstract: The well-known OpenChain project launched in Sept 2019 a Tooling Group. The objective of this group is to realize a turn-key Open Source toolchain for Open Source Compliance, which is / can be easily integrated in the software development CI/CD pipelines. The Tooling Group uses open source principles to accomplish this, creating a meritocracy producing real world solutions for real world challenges, and sharing these results with all interested parties. The presentation gives an overview of the Tooling group its objectives, the areas of focus, the current state and future plans.

Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020

OW2

Presentation by Nicolas Toussaint, Software Architect, Orange. Abstract: Orange and Orange Business Services have turned to full open source solutions to tackle the complex problem of respecting the open source legal compliance constraints. This talk presents the journey undertaken the past few years to build and improve the existing tooling and processes to make compliance validation possible, as well as allow overseeing progresses.

Open Source Compliance at Orange, OW2online, June 2020

OW2

Presentation by Boris Baldassari, Consultant, Castalia Solutions. Abstract: While Open Source Software has become mainstream, the understanding of its key principles, from ethics and collaboration to governance and community management, is gaining more interest and attention. There is a comprehensive volume of studies and reports backing up our individual and collective experience, yet we still cannot reliably measure these characteristics, and even less clearly define or assess them. In an attempt to build up confidence and foster maturity in this area, this talk will look at the various existing models and metrics related to OSS compliance and governance, and build upon them to propose methods and tools for their evaluation and analysis. We will discuss the requirements and essential questions to ask, offer guidelines for implementation and suggest efficient ways to present results.

Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

OW2

Presentation by Amir Mir, TUDelft. As recent events, such as the leftpad incident and the Equifax data breach, have demonstrated, dependencies on networks of external libraries can introduce projects to significant operational and compliance risks as well as difficult to assess security implications. FASTEN introduces fine-grained, method-level, tracking of dependencies on top of existing dependency management networks. In our talk, we will present how FASTEN works on top of the Rust/Cargo and Java/Maven ecosystems.

Intelligent package management with FASTEN, OW2online, June 2020

OW2

DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020

OW2

Presentation by Hui Song, Senior Scientist, SINTEF. We would like to share our research journey towards enabling DevOps for IoT applications, and how Open Source makes the journey feasible and fun. DevOps is widely adopted for developing cloud applications, which supports developers in continuously placing software changes directly to production. As companies are including IoT and Edge devices into their IT infrastructures, supporting DevOps for IoT is a must. However, IoT challenges some fundamental assumptions behind DevOps, such as the homogeneous infrastructure and centralized governance, and therefore, breaking-through research is needed. Funded by H2020, 30 people from 12 partners crossing academia and industry gathered to solve these fundamental challenges, which results in full-stack open source tools for automatic deployment, learning-based operation and security monitoring of IoT applications, and risk management of the development process. The tools are evaluated on industrial use cases in intelligent transportation, smart building, and eHealth. The mass open source tools and communities around IoT development provides the sound foundation for this design research and the opportunities for the further exploitation of the results. In particular, we are proud of spinning off a start-up to commercialize the risk management services in the open source + SaaS model.

Enabling DevOps for IoT software development, powered by Open Source, OW2onli...

OW2

Artificial Intelligence is now smarter than ever, showing human-like abilities at complex tasks such as images classification or natural language processing. But despite its recent advances, it's still not a silver bullet. This talk will present a few challenges in the research and development of artificial intelligence that slow down its progress and adoption. In particular, problems around fairness, the training of models and how to share them will be introduced as well as possible Free Software solutions. Presentation by Vincent Lequertier, PhD Student, Lyon UNiverversity.

Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...

OW2

We propose a walkthrough of current utilization of Open Source Software in capacity planning for the Orange network infrastructure. The objective of our project is to have a platform that helps engineers to carefully plan the resources available to them as well as to correlate different incidents within remote parts of the infrastructure. In order to achieve this we started using Cacti with the Spine collector which worked great, but Orange France is a very large company with many entities, each with its own governance, and so we began to see some limitations. There was a need to centralize some information from different parts in Orange France as well as to integrate the equipment capacity and load values into BigData Orange. In order to achieve this we developed the “Puits de donneés” platform completely based on Open Source Software. The visualization and statistical analysis part is handled by Grafana while the ETL runs on Apache Software Foundation products like NiFi, Zookeeper and Ambari with a storage solution from MariaDB for which we did extensive performance tuning and customization due to the large amounts of data.

Cacti and Big Data at Orange France, OW2online, June 2020

OW2

Plus de OW2 (20)

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma

The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...

GLPi v.10, les fonctionnalités principales et l'offre cloud

Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...

FusionIAM : la gestion des identités et des accés open source

OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...

SFScon'20 Bringing the User into the Equation

Towards a sustainable solution to open source sustainability, OW2online20, Ju...

Advanced proactive and polymorphing cloud application adaptation with MORPHEM...

Open Source governance and the Eclipse Foundation, OW2online, June 2020

Open source contribution policies, OW2online, June 2020

Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...

Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020

Open Source Compliance at Orange, OW2online, June 2020

Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020

Intelligent package management with FASTEN, OW2online, June 2020

DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020

Enabling DevOps for IoT software development, powered by Open Source, OW2onli...

Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...

Cacti and Big Data at Orange France, OW2online, June 2020

Dernier

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

How to convert PDF to text with Nanonets

naman860154

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Evaluating the top large language models.pdf

ChristopherTHyatt

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Dernier (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Partners Life - Insurer Innovation Award 2024

How to convert PDF to text with Nanonets

Scaling API-first – The story of a global engineering organization

The 7 Things I Know About Cyber Security After 25 Years | April 2024

How to Troubleshoot Apps for the Modern Connected Worker

08448380779 Call Girls In Friends Colony Women Seeking Men

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

GenAI Risks & Security Meetup 01052024.pdf

Evaluating the top large language models.pdf

presentation ICT roal in 21st century education

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

A Domino Admins Adventures (Engage 2024)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Powerful Google developer tools for immediate impact! (2023-24 C)

Automating Google Workspace (GWS) & more with Apps Script

🐬 The future of MySQL is Postgres 🐘

IDMEF, the universal format for security alerts, OW2con'16, Paris.

1. SECEF DAY – 21/09/16 / 1/ 1/ 1 PRELUDE AND LIBPRELUDE THOMAS ANDREJAK – CS 22/09/2016

2. SECEF DAY – 21/09/16 / 2/ 2 WHO AM I âThomas ANDREJAK, 29 years old › Working at Communication & Systems (Paris) : https://www.c-s.fr › Technical manager of Prelude SIEM : https://www.prelude-siem.org › Expert in security of information systems âTalk : Prelude and LibPrelude › Prelude history › What is IDMEF › Where to find the library › How to use it › Live coding session

3. SECEF DAY – 21/09/16 / 3/ 3 PRELUDE SIEM

4. SECEF DAY – 21/09/16 / 4/ 4 WHAT IS PRELUDE ? â Prelude is an OpenSource SIEM and born in 1998 â Prelude has been based on IDMEF since the creation of the standard (2005) â Manipulation of IDMEF objects is done through two libraries in Prelude › LibPrelude : Manage IDMEF objects and transport of these objects › LibPreludeDB : Storage of IDMEF objects in a database â LibPrelude and LibPreludeDB are parts of Prelude OSS › https://www.prelude-siem.org â These libraries are released under the GPL v2 license

5. SECEF DAY – 21/09/16 / 5/ 5 WHAT IS IDMEF? âIDMEF (RFC 4765) › Intrusion Detection Message Exchange Format › Describes a technical security alerts format for information systems › Exchange of intrusion-related data between systems

6. SECEF DAY – 21/09/16 / 6/ 6 LIBPRELUDE - TECHNICAL IMPLEMENTATION â Library written in C (around 200k lines of code) â Available for the C++ and Python languages â Included in many IDS › Suricata › Snort › OSSEC › Etc. âIn the new RGI (French referential of interoperability) that has been released this year, IDMEF is in required state âWe continue to work with new security tools to help them to include the LibPrelude

7. SECEF DAY – 21/09/16 / 7/ 7 INTEGRATION âQuestions to ask yourself › What language does my program use? › Are both licenses compatible? › Where do I have to initialize my connector? › Where does my program handle reporting/notifications? § Usually around syslog functions › What information do I need to fill in IDMEF objects? › In which IDMEF fields do my data have to go ? âLibIDMEF tutorial › http://redmine.secef.net/projects/secef/wiki/How_to_use_LibIDMEF â“How to build a sensor” tutorial › http://redmine.secef.net/projects/secef/wiki/How_to_build_a_sensor

8. SECEF DAY – 21/09/16 / 8/ 8 AGENT CONTRIBUTION PROGRAM Development of a new agent for Prelude SIEM We are looking for many other security tools to become compatible with IDMEF ! Open partner program https://www.prelude-siem.org/projects/prelude/wiki/PreludeAgentContribution

9. SECEF DAY – 21/09/16 / 9/ 9 LIVE CODING SESSION Building an IDMEF sensor in 5 minutes

10. SECEF DAY – 21/09/16 / 10/ 10 QUESTIONS ?

11. SECEF DAY – 21/09/16 / 11/ 11 ANNEXE : BUILD AN IDMEF SENSOR IN 5 MINUTES

IDMEF, the universal format for security alerts, OW2con'16, Paris.

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (20)

Similaire à IDMEF, the universal format for security alerts, OW2con'16, Paris.

Similaire à IDMEF, the universal format for security alerts, OW2con'16, Paris. (20)

Plus de OW2

Plus de OW2 (20)

Dernier

Dernier (20)

IDMEF, the universal format for security alerts, OW2con'16, Paris.