Automating incident response: scalable & fast, within minutes

  • Published: 8 Feb 2025
  • In today's rapidly evolving digital landscape, the increasing frequency and scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in digital forensics, is neither sufficient nor efficient enough. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset. In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated, based on how we have built our incident response lab using open-source software packages developed by Microsoft (AVML), SpecterOps (SharpHound), Google (Timesketch, Plaso and WinPmem), Rapid7 (Velociraptor), Fox-IT (Dissect), Elastic (Filebeat, Logstash, Kibana and Elasticsearch), KROLL (KAPE), HashiCorp (Terraform, Packer, Vault) and Jupyter (Jupyter Notebook). We will guide you from using these tools manually to using them automatically and magically. Well, not really magically, but we will emphasize the application of a DevOps mindset to the process that most incident responders, ourselves included, execute on a daily basis, combined with examples that can be put into practice.
    SANS DFIR Summit 2024
    Automating incident response: scalable & fast, within minutes
    Speakers:
    Zawadi Done, Incident Responder, Hunt & Hackett
    Mattijs Dijkstra, Senior Incident Handler, Hunt & Hackett
    View upcoming Summits: www.sans.org/u/DuS

Comments • 1

  • @abhayram8801 2 months ago

    Could you please elaborate on how exactly DevOps and automation have been used?