SOC Automation, Enterprise Blueprinting and Hunting Using Open-Source Tools


Posted on in Presentations

Visibility is the core component in any SOC, from continual monitoring to incident response. While having a simple interface helps to display data, sometimes advanced hunting requires moving beyond the interface and delving into data that’s likely never been documented. This presentation will focus on building a better understanding of environments and hunting for unknown threats that lie within.

Learning Objectives:
1: Learn about blueprint networks using native operating system tools and osquery.
2: Learn how to reduce SOC fatigue by automating regular but critical tasks.
3: Learn to hunt using properly collected and organized data.

Pre-Requisites:
Linux, Windows command line; ELK stack configuration, administration (or equivalent technology, i.e., Splunk); networking basics; networking configuration/engineering; software deployment; programming.
Participants
Brian Baskin

Participant

Senior Threat Researcher, Carbon Black

John Holowczak

Participant

Senior Threat Analyst, Carbon Black

Analytics Intelligence & Response

security operations network security intrusion prevention/detection DevSecOps critical infrastructure


Topic

Subtopic


Share With Your Community