
SOC Automation, Enterprise Blueprinting and Hunting Using Open-Source Tools

Visibility is the core component of any SOC, from continual monitoring to incident response. While a simple interface helps to display data, advanced hunting sometimes requires moving beyond the interface and delving into data that has likely never been documented. This presentation focuses on building a better understanding of environments and hunting for the unknown threats that lie within them.

Learning Objectives:

1: Learn about blueprinting networks using native operating system tools and osquery.
2: Learn how to reduce SOC fatigue by automating regular but critical tasks.
3: Learn to hunt using properly collected and organized data.

Pre-Requisites: Linux and Windows command line; ELK stack configuration and administration (or an equivalent technology, e.g., Splunk); networking basics; network configuration/engineering; software deployment; programming.

Speakers


Brian Baskin Senior Threat Researcher, Carbon Black


John Holowczak Senior Threat Analyst, Carbon Black


This document was retrieved from http://www.rsaconference.com/videos/soc-automation-enterprise-blueprinting-and-hunting-using-open-source-tools on Wed, 26 Jun 2019 08:02:14 -0400.