SOC Automation, Enterprise Blueprinting and Hunting Using Open-Source Tools

Posted on in Presentations

Visibility is the core component in any SOC, from continual monitoring to incident response. While having a simple interface helps to display data, sometimes advanced hunting requires moving beyond the interface and delving into data that’s likely never been documented. This presentation will focus on building a better understanding of environments and hunting for unknown threats that lie within.

Learning Objectives:
1: Learn about blueprint networks using native operating system tools and osquery.
2: Learn how to reduce SOC fatigue by automating regular but critical tasks.
3: Learn to hunt using properly collected and organized data.

Linux, Windows command line; ELK stack configuration, administration (or equivalent technology, i.e., Splunk); networking basics; networking configuration/engineering; software deployment; programming.
Brian Baskin


Senior Threat Researcher, Carbon Black

John Holowczak


Senior Threat Analyst, Carbon Black

Analytics Intelligence & Response

security operations network security intrusion prevention/detection DevSecOps critical infrastructure



Share With Your Community