Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proactive Management of Federation using ELK

Published byAmberly Hensley Modified over 5 years ago

Similar presentations

Presentation on theme: "Proactive Management of Federation using ELK"— Presentation transcript:

1 Proactive Management of Federation using ELK
Yasvanth Babu HEAnet ELK – Elasticsearch, Logstash, Kibana

2 About me… System administrator at HEAnet Team - Edugate Interest...
Explore new things. February 19, 2019

3 Agenda Aim, Problem statement. Edugate and Elasticsearch. Outcomes.
Demo. Q&A. February 19, 2019

4 Aim To Generate yearly stats on Edugate Usage.
Increasing or decreasing. To find popular services in Edugate and who makes better use of Edugate. February 19, 2019

5 Legacy system Open-source. Used mainly to parse authentication events.
Build at Cardiff University. Used mainly to parse authentication events. IDP, OpenAthens and Ezproxy. HEAnet used raptor to generate IDP audit statistic. February 19, 2019

6 Raptor Architecture. February 19, 2019

7 Stats February 19, 2019

8 Problem Raptor code was not actively maintained.
New code base will be released soon. rrdtool graphs not interactive. Lack in self-service and real-time auditing. Very slow performance. February 19, 2019

9 Edugate And Elasticsearch
A graph/stats system built on top of Elastic Stack. Elasticsearch. Distributed Search engine. All data’s are indexed. Logstash. Pipeline processing. Kibana UI, Visualize your data. Charts, Maps, Time-series February 19, 2019

10 New stats system February 19, 2019

11 February 19, 2019

12 Achieved... To Generate yearly stats on Edugate Usage.
To find popular services in Edugate and who makes better use of Edugate. February 19, 2019

13 Addressed the problems that aren't noticed for months
February 19, 2019

14 Additional outcomes... Edugate Access Audits: No attributes released.
Important journals. Ligo, Clarin, Niche-resources. Suspicious Logins. Compromised Accounts. Misconfigured SP. Sharing of credentials. Service Activity. Login predictions. Real-time alerts. February 19, 2019

15 What data? >>> IP address Idp1.heanet.ie >>> Host T232814Z >>> Timestamp urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect >>> Request Binding _85b888a75ac583060cf d20a >>> Request ID >>> Relying Party ID >>> Message Profile ID >>> Asserting Party ID urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST >>> Response Binding _8c804d811a89b8fbfb79b462bf65f76e >>> Response ID Joe.bloggs >>> User Name urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport >>> AuthMethod eduPersonPrincipalName, >>> Released Attributes AAdzyuWqsRuNM5ySZ2I724XTrL2/MzmvJU= >>> Name Identifier _79ff78ddfba9a21d38401c06e19e163f >>> Assertion ID February 19, 2019

16 Self-service Kibana lacks in Multi-tenant. Security
Anonymize usernames. Shard access. February 19, 2019

17 Searchguard Security Add-on for ELK Stack. Encryption. Authentication.
LDAP/AD, Kerberos, Host-Based, JWT and SAML . Multi-tenancy. Based on user roles. Centralized User ACL Index. Licensing. Community, Academic and Enterprise February 19, 2019

18 Future work Learning analytics. Automation. Can Integrate with:
IDP, Eduroam and VLE ( moodle). Automation. Resource registry. Can Integrate with: Netflow, Application data, Web-filter data. Machine learning. February 19, 2019

19 Summary... Multi-tenant Stats system.
Real-Time Auditing and Analyzing. Alerting System. February 19, 2019

20 Demo... February 19, 2019

21 Questions ? February 19, 2019

Download ppt "Proactive Management of Federation using ELK"

Similar presentations

Implementing Tableau Server in an Enterprise Environment

Implementing Tableau Server in an Enterprise Environment
COI Architecture? Web Enabling Standard Patient-Model Searches in Disparate EMR Systems By Dan CorwinDan Corwin November 2007.

COI Architecture? Web Enabling Standard Patient-Model Searches in Disparate EMR Systems By Dan CorwinDan Corwin November 2007.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Strong Mobile Authentication in Finland (MPKI, WPKI) Special Discussion Topic Kantara Initiative Telco Identity Working Group Prepared by: Keith Uber Ubisecure.

Strong Mobile Authentication in Finland (MPKI, WPKI) Special Discussion Topic Kantara Initiative Telco Identity Working Group Prepared by: Keith Uber Ubisecure.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.

Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
MONITORING TOOLS Open Source Security Tools to monitor your network.

MONITORING TOOLS Open Source Security Tools to monitor your network.
Architecture & Integration: CP v3.1. 3.x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)

Architecture & Integration: CP v x Platforms: Windows NT sp5(6a)/Solaris 2.8 iWS Client(s) Netscape/IE 4.0+ Java Servlet Engine (Java Servlet API)
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
JIRA Defect Tracking Tool Tool to Record, Track and Resolve Issues, Bugs, Defects, Improvements and New Feature Requests LIGO-G080616-00-M.

JIRA Defect Tracking Tool Tool to Record, Track and Resolve Issues, Bugs, Defects, Improvements and New Feature Requests LIGO-G M.
4/20/2017 7:57 PM.

4/20/2017 7:57 PM.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Aoife Lawton Systems Librarian HSE. Outline eLibrary models of authentication Library/Librarian visibility – some tips Mobile technologies Federated Search.

Aoife Lawton Systems Librarian HSE. Outline eLibrary models of authentication Library/Librarian visibility – some tips Mobile technologies Federated Search.

Similar presentations

Ads by Google