My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019

  • Published: 24 Feb 2020
  • This presentation is designed as a personal journey through threat hunting, intended to inspire others to adopt certain methods, tips, and lessons learned. When John Stoner joined Splunk in 2017, his team started working on the second version of what it called "Boss of the SOC" (BOTS). John shares his team's journey in threat hunting: figuring out where to start, at times getting tangled in the data, and overcoming the distractions encountered during the hunting process. He covers how the team conducted its hunts and offers some thoughts on gap analysis and on operationalizing the findings. The presentation also includes cautionary tales for the threat hunting community: when helping security operations operationalize hunt data, do not take the great work that is already out there and oversimplify it to the point where it loses its impact. Attendees will come away with a better understanding of how to create a hunting hypothesis, how to build "guard rails" into a hunt to stay focused, and how to take hunting output and operationalize it. The talk also examines the importance of conducting gap analysis as part of the hunting activity to support the efforts of operations. Attendees will receive a data set and an instructional application that they can take home and play with!
    John Stoner @stonerpsu, Principal Security Strategist, Splunk
  • Science

Comments • 5

  • @ravisankar5297 · 3 months ago

    Excellent talk. Gives a framework for hunting… Best Wishes

  • @lanejack2860 · 1 year ago · +1

    Lots to take away from this. Good stuff.

  • @stefsprius · 2 years ago · +1

    I just saw John and his colleague speak at the 2021 WiCyS conference; it was really awesome!!! Thanks so much for a great experience!

  • @Qantum802 · 11 months ago

    I'm glad I'm not the only one that has a notebook in which to write a massively diverse range of names, numbers, addresses, & more. Hopefully, of course, to research within a timely manner and not get sidetracked on 15 other things.😅
    Are there any SANS DFIR videos that aren't immediately my favourite upon watching? 🧐 I'm starting to think not. 😁
    10/10

  • @hitnahsin · 4 years ago · +1

    Is it advisable to enable FTP access to the open internet? I have never seen it open unless it's to a dedicated client. Hence I wanted to know how the FTP access worked fine.