SlideShare a Scribd company logo

Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020

HostedbyConfluent, profile picture
HostedbyConfluent

The document discusses the implementation of data collection for a Security Information and Event Management (SIEM) system using Kafka Connect, focusing on the motivation, requirements, and anticipated challenges. It outlines two main connectors: 'push' and 'pull', as well as a transformations library to handle different message formats and improve data management. Key takeaways emphasize a highly available architecture, the importance of monitoring, and considerations for data archival and transformation.

Technology
Related topics:
Kafka Summit
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Feed Your SIEM Smart with Kafka Connect Vitalii Rudenskyi Security Architect, McKesson Corp
Motivation and Background
Why We Started It’s not a mistake to make a mistake, but it’s a mistake to repeat the same mistake
Requirements ★ Logs collection to be vendor agnostic ★ Feed different analytics tools ★ Data filtering and cleaning ★ Existing data retention requirements ★ Scalable and highly available
Anticipated Challenges ★ Amount of data and number of sources ★ Variety of different formats ★ SaaS/PaaS applications and public Clouds ★ Cloud SIEM
Kafka Connect
The Three Keys That Open The Door
How to Collect Data
The Three Keys ‘Push’ Connector ‘Pull’ Connector Transformations Library
Push - NettySource Connector ★ Unified: “all-in-one” different transport and protocols ★ Scalable: multiple tasks supported ★ Available: works behind a LB (health checks supported) ★ Configurable: multiple protocols (plain text, syslog, http, snmp, netflow) ★ Customizable: custom implementations supported
NettySource Connector Common deployment model
Pull - PollableAPIClient Connector ★ Simple: easy new connectors development ★ Scalable: multiple tasks/partitions supported ★ Configurable: interval and scheduled (cron-style) polls, retry/backoff, resettable offsets ★ Customizable: custom implementations supported
PollableAPIClient Connector
PollableAPIClient Connector 25+ ApiClient implementations
Transformations Library ★ Can transform different parts of a kafka message ★ Supports “if” conditions
Takeaways
Highly Available NettySource Connector
Headers All The Way ★ Track origin of the data ★ Conditional routing ★ Tagging in ‘chained’ transformations ★ SIEM specific metadata
Syslog: Take Port 514 Under Control Multi-rules RegexRouter config
Data archiving solution ★ Pair of source and sink connectors ★ One connector for all topics ★ Compressed ★ Easy to restore
★ Monitoring is essential ★ Keep original data ★ Be cautious when using “heavy” transformations in source connectors
5 kafka clusters 20+ kafka connect clusters 530+ deployed connectors 7+TB of data daily
What is the next...
We share! ★ NettySource Connector https://github.com/vrudenskyi/kafka-connect-netty-source ★ PollableAPIClient Connector https://github.com/vrudenskyi/kafka-connect-pollable-source https://github.com/vrudenskyi/kafka-connect-api-clients ★ Transformations Library https://github.com/vrudenskyi/kafka-connect-transform
Q & Avrudenskyi@gmail.com https://www.linkedin.com/in/vrudenskyi/

More Related Content

PDF
Introduction to Apache Beam
Jean-Baptiste OnofrĂŠ
 
PDF
Advanced Streaming Analytics with Apache Flink and Apache Kafka, Stephan Ewen
confluent
 
PDF
Media Handling in FreeSWITCH
Moises Silva
 
PDF
Altinity Quickstart for ClickHouse
Altinity Ltd
 
PDF
Apache kafka performance(throughput) - without data loss and guaranteeing dat...
SANG WON PARK
 
PDF
Apache Cassandra at Macys
DataStax Academy
 
PDF
The Rise of ZStandard: Apache Spark/Parquet/ORC/Avro
Databricks
 
PDF
Multi Master PostgreSQL Cluster on Kubernetes
Ohyama Masanori
 
Introduction to Apache Beam
Jean-Baptiste OnofrĂŠ
 
Advanced Streaming Analytics with Apache Flink and Apache Kafka, Stephan Ewen
confluent
 
Media Handling in FreeSWITCH
Moises Silva
 
Altinity Quickstart for ClickHouse
Altinity Ltd
 
Apache kafka performance(throughput) - without data loss and guaranteeing dat...
SANG WON PARK
 
Apache Cassandra at Macys
DataStax Academy
 
The Rise of ZStandard: Apache Spark/Parquet/ORC/Avro
Databricks
 
Multi Master PostgreSQL Cluster on Kubernetes
Ohyama Masanori
 

What's hot (20)

PDF
Care and Feeding of Catalyst Optimizer
Databricks
 
PDF
Creating Beautiful Dashboards with Grafana and ClickHouse
Altinity Ltd
 
PPTX
Logstash
Rajgourav Jain
 
PPTX
HBase and HDFS: Understanding FileSystem Usage in HBase
enissoz
 
PDF
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
Edureka!
 
PDF
Kafka Security 101 and Real-World Tips
confluent
 
PPTX
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Dremio Corporation
 
PDF
ksqlDB: A Stream-Relational Database System
confluent
 
PPTX
Elk
Caleb Wang
 
PPTX
Integrating Apache Spark and NiFi for Data Lakes
DataWorks Summit/Hadoop Summit
 
PPTX
Using Wildcards with rsyslog's File Monitor imfile
Rainer Gerhards
 
PPTX
Elastic - ELK, Logstash & Kibana
SpringPeople
 
PDF
A Practical Introduction to Handling Log Data in ClickHouse, by Robert Hodges...
Altinity Ltd
 
PDF
Netflix conductor
Viren Baraiya
 
PPTX
The Future of Column-Oriented Data Processing With Apache Arrow and Apache Pa...
Dremio Corporation
 
PPTX
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
PPTX
Log management with ELK
Geert Pante
 
PPTX
Apache Beam: A unified model for batch and stream processing data
DataWorks Summit/Hadoop Summit
 
PDF
A Day in the Life of a ClickHouse Query Webinar Slides
Altinity Ltd
 
PDF
Vitess: Scalable Database Architecture - Kubernetes Community Days Africa Ap...
Alkin Tezuysal
 
Care and Feeding of Catalyst Optimizer
Databricks
 
Creating Beautiful Dashboards with Grafana and ClickHouse
Altinity Ltd
 
Logstash
Rajgourav Jain
 
HBase and HDFS: Understanding FileSystem Usage in HBase
enissoz
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
Edureka!
 
Kafka Security 101 and Real-World Tips
confluent
 
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Dremio Corporation
 
ksqlDB: A Stream-Relational Database System
confluent
 
Elk
Caleb Wang
 
Integrating Apache Spark and NiFi for Data Lakes
DataWorks Summit/Hadoop Summit
 
Using Wildcards with rsyslog's File Monitor imfile
Rainer Gerhards
 
Elastic - ELK, Logstash & Kibana
SpringPeople
 
A Practical Introduction to Handling Log Data in ClickHouse, by Robert Hodges...
Altinity Ltd
 
Netflix conductor
Viren Baraiya
 
The Future of Column-Oriented Data Processing With Apache Arrow and Apache Pa...
Dremio Corporation
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Log management with ELK
Geert Pante
 
Apache Beam: A unified model for batch and stream processing data
DataWorks Summit/Hadoop Summit
 
A Day in the Life of a ClickHouse Query Webinar Slides
Altinity Ltd
 
Vitess: Scalable Database Architecture - Kubernetes Community Days Africa Ap...
Alkin Tezuysal
 
Ad

Similar to Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020 (20)

PDF
Big data conference europe real-time streaming in any and all clouds, hybri...
Timothy Spann
 
PDF
Scenic City Summit (2021): Real-Time Streaming in any and all clouds, hybrid...
Timothy Spann
 
PDF
Introduction to Apache Mesos and DC/OS
Steve Wong
 
PDF
DevOps and Continuous Delivery with CloudFoundry
Johannes Rudolph
 
PDF
Streaming Time Series Data With Kenny Gorman and Elena Cuevas | Current 2022
HostedbyConfluent
 
PPTX
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
Cisco DevNet
 
PPTX
OS for AI: Elastic Microservices & the Next Gen of ML
Nordic APIs
 
PDF
.NET Cloud-Native Bootcamp- Los Angeles
VMware Tanzu
 
PDF
Microsoft Azure Explained - Hitesh D Kesharia
HARMAN Services
 
PDF
Continuous delivery and DevOps with CloudFoundry
Johannes Rudolph
 
PPTX
Gs08 modernize your data platform with sql technologies wash dc
Bob Ward
 
PDF
Music city data Hail Hydrate! from stream to lake
Timothy Spann
 
PDF
Service fabric and azure service fabric mesh
Mikkel Mørk Hegnhøj
 
PDF
The Never Landing Stream with HTAP and Streaming
Timothy Spann
 
PDF
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Jack-Junjie Cai
 
PPTX
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
David Currie
 
PDF
.NET Cloud-Native Bootcamp
VMware Tanzu
 
PDF
Zero to 1000+ Applications - Large Scale CD Adoption at Cisco with Spinnaker ...
DevOps.com
 
PPTX
Sqlviking
Jonn Callahan
 
PDF
Billions of Messages in Real Time: Why Paypal & LinkedIn Trust an Engagement ...
confluent
 
Big data conference europe real-time streaming in any and all clouds, hybri...
Timothy Spann
 
Scenic City Summit (2021): Real-Time Streaming in any and all clouds, hybrid...
Timothy Spann
 
Introduction to Apache Mesos and DC/OS
Steve Wong
 
DevOps and Continuous Delivery with CloudFoundry
Johannes Rudolph
 
Streaming Time Series Data With Kenny Gorman and Elena Cuevas | Current 2022
HostedbyConfluent
 
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
Cisco DevNet
 
OS for AI: Elastic Microservices & the Next Gen of ML
Nordic APIs
 
.NET Cloud-Native Bootcamp- Los Angeles
VMware Tanzu
 
Microsoft Azure Explained - Hitesh D Kesharia
HARMAN Services
 
Continuous delivery and DevOps with CloudFoundry
Johannes Rudolph
 
Gs08 modernize your data platform with sql technologies wash dc
Bob Ward
 
Music city data Hail Hydrate! from stream to lake
Timothy Spann
 
Service fabric and azure service fabric mesh
Mikkel Mørk Hegnhøj
 
The Never Landing Stream with HTAP and Streaming
Timothy Spann
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Jack-Junjie Cai
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
David Currie
 
.NET Cloud-Native Bootcamp
VMware Tanzu
 
Zero to 1000+ Applications - Large Scale CD Adoption at Cisco with Spinnaker ...
DevOps.com
 
Sqlviking
Jonn Callahan
 
Billions of Messages in Real Time: Why Paypal & LinkedIn Trust an Engagement ...
confluent
 
Ad

More from HostedbyConfluent (20)

PDF
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
HostedbyConfluent
 
PDF
Renaming a Kafka Topic | Kafka Summit London
HostedbyConfluent
 
PDF
Evolution of NRT Data Ingestion Pipeline at Trendyol
HostedbyConfluent
 
PDF
Ensuring Kafka Service Resilience: A Dive into Health-Checking Techniques
HostedbyConfluent
 
PDF
Exactly-once Stream Processing with Arroyo and Kafka
HostedbyConfluent
 
PDF
Fish Plays Pokemon | Kafka Summit London
HostedbyConfluent
 
PDF
Tiered Storage 101 | Kafla Summit London
HostedbyConfluent
 
PDF
Building a Self-Service Stream Processing Portal: How And Why
HostedbyConfluent
 
PDF
From the Trenches: Improving Kafka Connect Source Connector Ingestion from 7 ...
HostedbyConfluent
 
PDF
Future with Zero Down-Time: End-to-end Resiliency with Chaos Engineering and ...
HostedbyConfluent
 
PDF
Navigating Private Network Connectivity Options for Kafka Clusters
HostedbyConfluent
 
PDF
Apache Flink: Building a Company-wide Self-service Streaming Data Platform
HostedbyConfluent
 
PDF
Explaining How Real-Time GenAI Works in a Noisy Pub
HostedbyConfluent
 
PDF
TL;DR Kafka Metrics | Kafka Summit London
HostedbyConfluent
 
PDF
A Window Into Your Kafka Streams Tasks | KSL
HostedbyConfluent
 
PDF
Mastering Kafka Producer Configs: A Guide to Optimizing Performance
HostedbyConfluent
 
PDF
Data Contracts Management: Schema Registry and Beyond
HostedbyConfluent
 
PDF
Code-First Approach: Crafting Efficient Flink Apps
HostedbyConfluent
 
PDF
Debezium vs. the World: An Overview of the CDC Ecosystem
HostedbyConfluent
 
PDF
Beyond Tiered Storage: Serverless Kafka with No Local Disks
HostedbyConfluent
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
HostedbyConfluent
 
Renaming a Kafka Topic | Kafka Summit London
HostedbyConfluent
 
Evolution of NRT Data Ingestion Pipeline at Trendyol
HostedbyConfluent
 
Ensuring Kafka Service Resilience: A Dive into Health-Checking Techniques
HostedbyConfluent
 
Exactly-once Stream Processing with Arroyo and Kafka
HostedbyConfluent
 
Fish Plays Pokemon | Kafka Summit London
HostedbyConfluent
 
Tiered Storage 101 | Kafla Summit London
HostedbyConfluent
 
Building a Self-Service Stream Processing Portal: How And Why
HostedbyConfluent
 
From the Trenches: Improving Kafka Connect Source Connector Ingestion from 7 ...
HostedbyConfluent
 
Future with Zero Down-Time: End-to-end Resiliency with Chaos Engineering and ...
HostedbyConfluent
 
Navigating Private Network Connectivity Options for Kafka Clusters
HostedbyConfluent
 
Apache Flink: Building a Company-wide Self-service Streaming Data Platform
HostedbyConfluent
 
Explaining How Real-Time GenAI Works in a Noisy Pub
HostedbyConfluent
 
TL;DR Kafka Metrics | Kafka Summit London
HostedbyConfluent
 
A Window Into Your Kafka Streams Tasks | KSL
HostedbyConfluent
 
Mastering Kafka Producer Configs: A Guide to Optimizing Performance
HostedbyConfluent
 
Data Contracts Management: Schema Registry and Beyond
HostedbyConfluent
 
Code-First Approach: Crafting Efficient Flink Apps
HostedbyConfluent
 
Debezium vs. the World: An Overview of the CDC Ecosystem
HostedbyConfluent
 
Beyond Tiered Storage: Serverless Kafka with No Local Disks
HostedbyConfluent
 

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Advanced IT Governance
University of Hertfordshire
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 

Feed Your SIEM Smart with Kafka Connect (Vitalii Rudenskyi, McKesson Corp) Kafka Summit 2020