Data Enrichment with GeoIP and Logstash in 60 seconds

This video provides a walkthrough of performing data enrichment. Data enrichment involves using existing data to pull in additional context. Within this example, Logstash is used to perform a geoip lookup against an IP address using both the City and ASN databases provided by the free Maxmind geo database. To download the VM in the video, please use the link below: If the link above does not work, try downloading it from Do not forget to subscribe to this channel for updates on future videos. Speaker: Justin Henderson, CEO H & A Security Solutions LLC Justin is the co-founder of H&A Security Solutions, LLC, a company that deploys, maintains, and tunes SIEM, NSM other solutions for organizations. Justin also maintains one of the largest security onion deployments in the world with over 1200 network sensors. He is a passionate security architect and researcher whose cybersecurity experience started at the age of thirteen when he began providing professional services to organizations. Justin was the 13th GSE to become both a red and blue SANS Cyber Guardian and holds over 60 industry certifications. As the author of SEC555 and co-author of SEC455 and SEC530, he’s able to bring his encyclopedia of IT knowledge into the classroom.