Monitoring & Defending Infrastructure Security Attacks

by Madhu Akula


Monitoring for attacks and defending against them in real time is crucial. Crunching through all the logs from the various sources (servers, applications, firewalls, etc.) to gain insights from anomalies in real time, and then making the right decisions about the attacks, can prove to be a nightmare, even with the solutions already available in the market. In this workshop we will see attacks happening in real time on a centralised dashboard. By collecting logs from various sources we will monitor and analyse the attacks. Using data gleaned from the logs, we can apply defensive rules against the attackers. We will be using open source technologies to build this monitoring solution.


The workshop will, at the very least, include the following hands-on topics:

  • Understanding problems with traditional logging methods
  • Introduction to ELK Stack (Elasticsearch, Logstash, Kibana)
  • Setting up Elastic Stack
  • Setting up Infrastructure to collect logs
  • Correlating the logs and centralized management
  • Creating dashboards with custom queries and visualizations
  • Alerting for attack patterns and queries to Slack, Email
  • Automated defence demo using Serverless technology (AWS Lambda)
  • Use cases and future improvements
  • Best practices and production deployment tips


  • Bring your laptop with admin/root privileges.
  • You will need at least 10 GB of free space for virtual machines.
  • Your laptop should be capable of running 64-bit VMs inside VirtualBox.


  • Attendees should be familiar with Linux command line usage


1 day


Security Engineers & Analysts, SOC Teams, IT/Network Administrators, and anyone interested in automating security monitoring


  • Lots of hands-on work to build your own FOSS-based Security Monitoring System.
  • Understanding and using open source tools to defend against attacks in near real-time
  • Dealing with large volumes of logs in many different formats
  • Best practices to deploy and manage the stack in your environments
  • Give-away checklists, playbooks, and walk-through guides


We will mostly cover how ELK helps with security monitoring; we do not cover scaling the ELK stack.


Madhu Akula

Automation Ninja

Madhu is a security ninja, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike. Madhu’s research papers are frequently selected for major security industry conferences including Defcon 24, All Day DevOps, DevSecCon, DevOpsDays India, ToorCon, DefCamp, SkydogCon and NolaCon. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016. When he’s not working with Appsecco’s clients or speaking at events he’s actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organizations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc. Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state.