Zouhaier Somai

Context:

Participate in the implementation of a shared ELK cluster for business, technical, and application traceability for health insurance.

My collaboration was mainly to support CNAM project teams, deliver a supervision cluster for the ELK cluster, improve and secure the ELK cluster.

Tasks and contributions:

- Collaborate with architects on the design and implementation of a shared ELK cluster (node sizing, sharding and replication strategy).

- Secure the ELK cluster (OIDC, LDAP, TCP/SSL, X-Pack, Role Mapping, etc.).

- Collect and analyze ingestion needs from different entities, support them in defining requirements for parsing, indexing, mapping, and data retention.

- Develop Logstash pipelines adapted to project needs and contribute to the normalization of log formats within CNAM.

- Manage incidents, performance issues, and Logstash high availability (Persistent Queue, parsing, rejection management).

- Support development and production teams in installing Beats and private ELK clusters.

- Assist projects in creating and optimizing their Kibana dashboards.

- Implement the supervision cluster that monitors the health status of the shared cluster.

- Automate the addition of a new project to the ELK cluster using Ansible playbooks (add new Kibana space, index pattern, index template and mapping, dashboard, authorizations and users, etc.).

- Fix production issues (watermark, unassigned shards, query performance, etc.).

- Structure and manage indices via index templates, Datastream, and ILM.

- Coach and upskill team members and new joiners on log collection, ingestion, and analysis.

Technologies:

Elasticsearch, logstash, Kibana, Filebeat, winlogbeat, Kafka, F5, Syslog, Ansible, Shell, Python,

Gitlab CI.

Context:

Joined the BNP Collecting team, specializing in the collection and analysis of security logs to ensure continuous and proactive threat monitoring.

Collaborated with the infrastructure team to ensure the administration and industrialization of collection pipelines, while developing Logstash pipelines and deploying various collection agents.

Tâches et contributions:

- Deploy, configure, and administer an Elasticsearch cluster to centralize and exploit security logs.

- Collect and centralize logs from different sources: rsyslog, Windows Event, API, Microsoft Azure, and application security logs.

- Ensure the migration of data and pipelines from Splunk to the ELK stack, while guaranteeing the continuity of log collection and analysis.

- Develop Logstash pipelines to parse and enrich logs in accordance with internal standards and the needs of IT Risk Managers.

- Coach and upskill team members and new joiners on log collection, ingestion, and analysis.

- Ensure the upgrade of the ELK cluster while guaranteeing service continuity and component compatibility.

- Write technical documentation and transfer skills.

Technologies:

Docker, Kubernetes, Elasticsearch, logstash, Kibana, Jenkin, Gitlab-CI, IBM Cloud, ArgoCD,

Dynatrace, Ansible, Python, Shell, Kafka.

• - Install and deploy Elasticsearch clusters (nodes, Sharding and Replication).

• - Install and deploy Beats on different servers via Ansible.

• - Analyze log quality and perform field extraction using Grok.

• - Set up Kibana and create dashboards for real-time monitoring and tracking of application progress.

• - Set up and administer a Kafka cluster.

• - Create CI/CD pipelines.

• - Perform integration tests with TestContainers