SOC Automation, Enterprise Blueprinting and Hunting Using Open-Source Tools

Visibility is the core component in any SOC, from continual monitoring to incident response. While having a simple interface helps to display data, sometimes advanced hunting requires moving beyond the interface and delving into data that’s likely never been documented. This presentation will focus on building a better understanding of environments and hunting for unknown threats that lie within.Learning Objectives:1: Learn about blueprint networks using native operating system tools and osquery.2: Learn how to reduce SOC fatigue by automating regular but critical tasks.3: Learn to hunt using properly collected and organized data.Pre-Requisites:Linux, Windows command line; ELK stack configuration, administration (or equivalent technology, i.e., Splunk); networking basics; networking configuration/engineering; software deployment; programming.>



Brian Baskin Senior Threat Researcher, Carbon Black


John Holowczak Senior Threat Analyst, Carbon Black

← View more Videos

This document was retrieved from on Thu, 20 Jun 2019 07:32:12 -0400.