![Page 1: Elastic Search - itlc.it.wisc.edu · Elastic Search Gain Insight Into Your Enterprise. About us University of Wisconsin –Milwaukee University IT Services •Chris Spadanuda –Associate](https://reader030.vdocument.in/reader030/viewer/2022041112/5f1b7dfa4e77266f5c01a7c1/html5/thumbnails/1.jpg)
Elastic Search
Gain Insight Into Your Enterprise
About us
University of Wisconsin – Milwaukee
University IT Services
• Chris Spadanuda – Associate Director Enterprise Services
• Ben Seefeldt – Lead Administrator IT Architecture and Infrastructure
• John Goodman – Manager, Identity and Access Management
About UWM Enterprise Services
• Identity and Access Management
• Systems Support
• Business Applications
UW Digital ID
UWM ePantherID
Enterprise Services - Goals
• Manage demand (MFA, Unified Communications, Storage, etc.)
• Modernize IAM infrastructure
• Update and refresh Data Center infrastructure
• Transition to cloud services – AWS, Azure
• Continue to increase compliance and security
More data = More insight = More action
• Early efforts
– Syslog Server, Splunk, AD Audit
• Information we wanted and problems to solve
– Patch levels
– Phishing mitigation
– Identity login locations
– Service performance
– What applications and users are using our services
– Service dependencies
– Service utilization
– Audit response and security (long term and short term)
The Elastic Stack
Logstash
• Inputs
• Filters
• Outputs
Elasticsearch
• Indices
• Index templates
Ingestion
• Pipelines
• Data enrichment
Kibana
• Fields
• Index Patterns
Architecture
Fields
• Timestamp
• Agent
• Client IP
• Geolocation
• Server IP
• Http_status
• Request uri
Data Types
• String
• Numeric
• Date
• Boolean
• Binary
• Array
• Objects
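The Logstash stages (inputs, filters, outputs), the ingestion enrichment, and the field and data-type lists above, worked through end to end as an added example in plain Python. This is not code from the UWM deck; the access-log format, the GeoIP lookup table, the sample log lines and the index/field names in the template are all constructed assumptions.

```python
"""Added example, not code from the UWM deck: a Logstash-style
input -> filter -> output pipeline in plain Python, run over constructed
web access-log lines. It produces documents carrying the deck's fields
(timestamp, agent, client IP, geolocation, server IP, http_status,
request uri) and checks them against an index template whose field
names and types are assumptions."""
import re
from datetime import datetime, timezone

# Input stage: constructed sample lines in a reverse-proxy style format
# <client_ip> <server_ip> [<ts>] "<METHOD> <uri> HTTP/x.y" <status> "<agent>"
SAMPLE_LOG = """\
203.0.113.7 10.0.0.5 [01/Mar/2018:08:15:02 -0600] "GET /login HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/64.0"
198.51.100.23 10.0.0.5 [01/Mar/2018:08:15:09 -0600] "POST /login HTTP/1.1" 401 "Mozilla/5.0 (X11; Linux x86_64) Firefox/58.0"
garbage line that grok would tag _grokparsefailure
"""

# Constructed lookup standing in for the Logstash geoip filter (assumption).
GEOIP = {
    "203.0.113.7": {"country": "US", "location": {"lat": 43.04, "lon": -87.91}},
    "198.51.100.23": {"country": "NG", "location": {"lat": 6.45, "lon": 3.39}},
}

# Equivalent of a grok pattern for the format above.
LINE_RE = re.compile(
    r'^(?P<client_ip>\S+) (?P<server_ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) "(?P<agent>[^"]*)"$'
)

# Index template (assumed names) using Elasticsearch's own field types.
INDEX_TEMPLATE = {
    "index_patterns": ["weblogs-*"],
    "mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "agent": {"type": "text"},
        "client_ip": {"type": "ip"},
        "geo": {"properties": {
            "country": {"type": "keyword"},
            "location": {"type": "geo_point"},
        }},
        "server_ip": {"type": "ip"},
        "http_status": {"type": "integer"},
        "request_uri": {"type": "keyword"},
    }},
}

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def filter_line(line):
    """Filter stage: grok-like parse, timestamp normalised to UTC, geoip enrichment.
    Unparseable lines are kept and tagged, as Logstash does, so nothing is lost."""
    m = LINE_RE.match(line)
    if not m:
        return {"message": line, "tags": ["_grokparsefailure"]}
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    doc = {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "agent": m["agent"],
        "client_ip": m["client_ip"],
        "server_ip": m["server_ip"],
        "http_status": int(m["status"]),
        "request_uri": m["uri"],
    }
    if m["client_ip"] in GEOIP:
        doc["geo"] = GEOIP[m["client_ip"]]
    return doc


def check_mapping(doc, properties=INDEX_TEMPLATE["mappings"]["properties"]):
    """Return the fields whose values would not index under the template's types.
    Catching a type clash before ingest avoids a rejected bulk item or a field
    that silently lands as the wrong dynamic type (IPv4-only check, for brevity)."""
    bad = []
    for field, value in doc.items():
        spec = properties.get(field)
        if spec is None:          # e.g. message/tags: left to dynamic mapping
            continue
        if "properties" in spec:  # nested object: recurse
            bad += [f"{field}.{f}" for f in check_mapping(value, spec["properties"])]
            continue
        t = spec["type"]
        ok = (
            (t in ("text", "keyword") and isinstance(value, str))
            or (t == "integer" and isinstance(value, int))
            or (t == "ip" and isinstance(value, str) and IPV4.fullmatch(value) is not None)
            or (t == "date" and isinstance(value, str) and value.endswith("Z"))
            or (t == "geo_point" and isinstance(value, dict) and set(value) == {"lat", "lon"})
        )
        if not ok:
            bad.append(field)
    return bad


def output_action(doc):
    """Output stage: route the event to a daily index, as the elasticsearch output
    does with index => "weblogs-%{+YYYY.MM.dd}". Events that failed to parse or
    failed the mapping check go to a holding index (assumed name) for inspection."""
    if "@timestamp" in doc and not check_mapping(doc):
        index = "weblogs-" + doc["@timestamp"][:10].replace("-", ".")
    else:
        index = "weblogs-unparsed"
    return {"index": {"_index": index}}, doc


def run_pipeline(text):
    """Input stage: one event per non-empty line; returns bulk-API style action/doc pairs."""
    return [output_action(filter_line(l)) for l in text.splitlines() if l.strip()]
```

The mapping check is the part worth keeping when you move to real Logstash: a field that arrives as a string on one day and an integer the next produces a mapping conflict that Kibana index patterns cannot query across, so validate types (and route failures to a holding index) before the bulk write rather than after.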
Aggregations
• Building blocks towards more complex data summaries
• Buckets: Match relevant data based on defined criteria
• Metric: Track and compute information from a set of documents
Visualizations
• Based upon queries
• Dashboards
• Bar graphs
• Pie charts
• Tables
• Coordinate maps
Identifying Data Sources
• Authentication attempts (Success / Failure)
• Load balancer performance
• Webpage load times
• Error status
• Sourcing service usage
• Identify client software connections (OS / Browser type)
Putting Data Into Action
• Office 365 authentication attempts
• Geolocation of authentication attempts
• Correlating similar authentication attempts
• Identifying user impact
Compromised Accounts
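The bucket and metric aggregations, the authentication-attempt data source, and the "putting data into action" steps (geolocation of sign-ins, correlating similar attempts, identifying user impact) combined into one added example for flagging compromised accounts. This is not code from the UWM deck or its demo: the Elasticsearch query body shows the aggregation shape, and the same logic is evaluated locally over constructed Office 365-style sign-in events. The field names (user, result, client_ip, geo.country), the "Success"/"Failure" literals, and the one-hour window are assumptions.

```python
"""Added example, not code from the UWM deck: the deck's bucket/metric
aggregations as an Elasticsearch query body, plus the same logic run
locally over constructed sign-in events to flag likely compromised
accounts. Field names, result literals and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta


def agg_query(since="now-1h"):
    """Query body: terms buckets per user and per client IP, with
    cardinality and filter metrics inside them (Elasticsearch syntax)."""
    return {
        "size": 0,
        "query": {"range": {"@timestamp": {"gte": since}}},
        "aggs": {
            "by_user": {
                "terms": {"field": "user", "size": 1000},
                "aggs": {
                    "countries": {"cardinality": {"field": "geo.country"}},
                    "failures": {"filter": {"term": {"result": "Failure"}}},
                    "successes": {
                        "filter": {"term": {"result": "Success"}},
                        "aggs": {"by_country": {"terms": {"field": "geo.country"}}},
                    },
                },
            },
            "by_ip": {
                "terms": {"field": "client_ip", "size": 1000},
                "aggs": {"users": {"cardinality": {"field": "user"}}},
            },
        },
    }


def ev(ts, user, result, ip, country):
    """Build one constructed sign-in event in the assumed document shape."""
    return {"@timestamp": ts, "user": user, "result": result,
            "client_ip": ip, "geo": {"country": country}}


# Constructed events: alice signs in from two countries 40 minutes apart,
# bob succeeds after repeated failures from the same foreign IP that alice
# used, carol is clean, dave changes country but 7.5 hours apart.
EVENTS = [
    ev("2018-03-01T14:00:00Z", "alice", "Success", "203.0.113.7", "US"),
    ev("2018-03-01T14:40:00Z", "alice", "Success", "198.51.100.23", "NG"),
    ev("2018-03-01T14:41:00Z", "bob", "Failure", "198.51.100.23", "NG"),
    ev("2018-03-01T14:41:30Z", "bob", "Failure", "198.51.100.23", "NG"),
    ev("2018-03-01T14:42:00Z", "bob", "Success", "198.51.100.23", "NG"),
    ev("2018-03-01T15:00:00Z", "carol", "Success", "203.0.113.9", "US"),
    ev("2018-03-01T09:00:00Z", "dave", "Success", "203.0.113.10", "US"),
    ev("2018-03-01T16:30:00Z", "dave", "Success", "192.0.2.44", "DE"),
]


def _t(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def aggregate(events):
    """Local bucket + metric pass mirroring agg_query: per user, the (time,
    country) of successes and the times of failures; per IP, the set of
    users it successfully authenticated as."""
    by_user = defaultdict(lambda: {"success": [], "failure": []})
    by_ip = defaultdict(set)
    for e in events:
        if e["result"] == "Success":
            by_user[e["user"]]["success"].append((_t(e["@timestamp"]), e["geo"]["country"]))
            by_ip[e["client_ip"]].add(e["user"])
        else:
            by_user[e["user"]]["failure"].append(_t(e["@timestamp"]))
    return by_user, by_ip


def find_compromised(events, window=timedelta(hours=1)):
    """Return {user: [reasons]} for accounts that look compromised."""
    by_user, by_ip = aggregate(events)
    reasons = defaultdict(list)
    for user, s in by_user.items():
        logins = sorted(s["success"])
        # Successful sign-ins from two countries closer together than the window.
        for (t1, c1), (t2, c2) in zip(logins, logins[1:]):
            if c1 != c2 and t2 - t1 <= window:
                reasons[user].append("multi_country_login")
                break
        # A success preceded by at least two failures inside the window.
        for t, _ in logins:
            if sum(1 for f in s["failure"] if t - window <= f < t) >= 2:
                reasons[user].append("brute_force_then_success")
                break
    # Correlation across accounts: one source IP succeeding as several users.
    for ip, users in by_ip.items():
        if len(users) >= 2:
            for user in sorted(users):
                reasons[user].append(f"shared_source_ip:{ip}")
    return dict(reasons)


def user_impact(events):
    """The deck's 'identifying user impact': sorted list of affected accounts."""
    return sorted(find_compromised(events))
```

Two caveats when moving this into Kibana: the `cardinality` metric is approximate, so use it to rank users and confirm with the per-user hits before acting; and the time-adjacency rules (two countries within an hour, failures then a success) are not expressible as a plain terms aggregation, so either add a `date_histogram` sub-bucket with the window as its interval or pull the candidate user's events and evaluate them as above.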
Demo